Anonymous Protests Highlight Need for Cybersecurity
Hackers collectively known as Anonymous plan to participate in a protest called the Million Mask March. Do organizations need to revisit their security strategies?
The loose collective of hackers known as Anonymous has had a busy year, wreaking cyber havoc in politically motivated attacks ranging from taking down news websites in South Africa to defacing the website of Spain's People's Party to publishing electronic data taken from an electrical power producer in Azerbaijan. Last week Anonymous hackers attacked media and government websites in the Philippines and Singapore. Like their counterparts elsewhere around the world, Anonymous groups in those countries are encouraging people to gather for peaceful protests in several major cities on Nov. 5 in an event they are calling the Million Mask March.
Police forces in cities tapped for marches are likely on high alert, worried about potential physical clashes with protesters. Will Anonymous choose to launch more cyber attacks as well? While it's tough to predict the specific actions of this shadowy group, their activities highlight the importance of having and maintaining a strong security posture.
Cybersecurity: Stay Vigilant
"Awareness of a potential security event is not the time to be starting or even changing your cyber security strategy," said Jerry Irvine, CIO of IT consulting firm Prescient Solutions and a member of the National Cyber Security Partnership Task Force. "Cyber security must be baked into the platform, infrastructure and application environments at the time of concept and implemented throughout the entire development and implementation life cycle."
Security organizations should periodically test their cyber security systems and processes by conducting detailed what-if scenarios, he added. In an environment of "heightened awareness" like the planned Anonymous protests, organizations should step up these regular efforts. "They should review their processes yet again, reviewing their systems risk analysis for vulnerabilities of critical systems, their potential threats, and risks associated with them," Irvine advised.
One of the best strategies, he said, is staying on top of reports of recent attacks and current threats compiled and tracked by organizations including InfraGard and the IT-ISAC (Information Technology-Information Sharing and Analysis Center) as well as the US-CERT (United States Computer Emergency Readiness Team) and NIST (National Institute of Standards and Technology).
In particular, he said, companies should be mindful of threats targeting their specific industry sectors. Staying informed about breaches and potential targets can help companies design and tweak their security environments.
Companies also need to evolve their security strategies, Irvine said. Traditional legacy security solutions focused on strengthening the perimeter, such as firewalls, intrusion detection systems and antivirus, are no longer effective – at least not on their own. "The idea has always been to keep malicious activity outside networks. But with mobile devices and Web applications, that kind of security is becoming obsolete," he said.
Many companies are not doing thorough risk assessments for mobile devices and applications, he said. Instead they simply use their current infrastructure and legacy security solutions when transmitting data to mobile devices and then back to the corporate environment.
"Data should never leave the enterprise environment," he said. "You can present images of it or reports based on it, but the actual data should not leave."
Companies should supplement their existing security systems with more proactive solutions such as vulnerability scanners and server and application hardening, he suggested.
If an attack does occur, he said, the primary goal is to mitigate losses by containing it as much as possible. Companies need controls to segment and isolate systems and data from each other. "At the time of detection, systems should be isolated or even disconnected," he said.
It’s also important, he added, to gather as much forensic information as possible so security professionals can define the source of the breach and prevent similar breaches from occurring in the future.
Ann All is the editor of eSecurity Planet and Enterprise Apps Today. She has covered business and technology for more than a decade, writing about everything from business intelligence to virtualization.