The Emergence Of The Hacktivist

Whilst most cyber attacks don’t make mainstream media headlines, hacktivism more than makes up for this in mainstream impact.

The most high-profile case was against the law firm Mossack Fonseca, commonly known as the Panama Papers. Although the firm was not hit by anything that damaged its financial assets, the data breach caused irreparable reputational damage, forcing the company to close.

In this instance 2.6TB of data was lost, which remains the biggest data breach ever recorded, exposing records of global elites including heads of state. The damage was so severe that the global reputation of Panama as a country was tarnished, causing economic impact to the country’s GDP.

A year later an offshore law firm called Appleby had 1.4TB of data exposed, commonly referred to as the Paradise Papers. In this instance financial records for global elites, global brands and royalty were exposed, with similar global impact.

The risk of data breaches from hacktivism is not going away, and as political ideology becomes more and more divisive, we are seeing more targets perceived as ‘fair game’. Political ideology within the United Kingdom is currently divided on Brexit, Environment & Racism, and the global economic impact of US/China trade wars creates further global tensions.

Who are the hacktivist groups?

Hacktivism takes place around groups of people with similar ideologies, such as “keep Governments open” with WikiLeaks or “Anti-censorship” with Anonymous, although Anonymous has now formed several splinter groups as ideologies were divided on some political issues.

How can you protect your business against hacktivism?

  • Identify what sensitive data your company holds
  • Map how the data is generated and how it is used and stored
  • Destroy data that is no longer required
  • Use the principle of least privilege, so that people only have access to the information they need
  • Ensure that everyone believes it is their responsibility to ensure data is secure
  • Provide education so that everyone knows how to keep information secure
  • Establish data protection policies and procedures that everyone must follow
  • Establish a data breach notification and incident response process
  • Dark Web Monitoring – After a data breach has taken place it is difficult to monitor or stop the distribution of data; however, dark web monitoring helps mitigate the distribution. As an example, password resets can be put in place before the passwords have been exploited
  • Follow Law Society guidance on Cyber Essentials
  • Review website contents for defacement
  • Carry out password audits
  • Distributed Denial of Service (DDoS) mitigation with services such as Cloudflare