http://www.csoonline.com/article/705855/hacktivists-have-the-enterprises-attention.-now-what- By George V. Hulme CSO May 07, 2012 Enterprise security pros have plenty to worry about: malware, insiders stealing information, an employee leaving an unencrypted notebook full of gigabytes of intellectual property on a train. However, the spate of hacktivist attacks in recent years from groups such as Anonymous and LulzSec has upped the anxiety level. According to a number of recent surveys, Most IT and security professionals see Anonymous as a serious threat to their companies. So what to do about it? Should it change the way organizations secure their systems? Experts say, simply, most enterprises probably should. The first piece of advice is to forget about security through obscurity. Assume you will be a target. "One of the interesting things about hactivism is that it is difficult for a company to determine in advance whether it is going to be the subject of a hacktivist attack," says Mark Rasch, director of cybersecurity and privacy consulting at Computer Sciences Corporation "Take a mid-sized company that manufactures widgets in Wisconsin. They could easily ask: 'Why would hactivists be after us.'" There are plenty of unforeseeable reasons. "We're not involved in politics. We don't do anything particularly controversial. Suddenly, the spokesperson they have for their ads, who they've hired from their public relations firm, who in turn hired an ad firm, that's hired a person to put together an ad that hired an actress who says something that offends some group. Now you're off to the races. The point is it may be nothing they did. They may be a victim of circumstance or happenstance," says Rasch. [...] _______________________________________________ LayerOne Security Conference May 26-27, Clarion Hotel, Anaheim, CA http://www.layerone.orgReceived on Tue May 08 2012 - 02:19:20 PDT
This archive was generated by hypermail 2.2.0 : Tue May 08 2012 - 02:15:35 PDT