After a period of decline, hacktivism is emerging again as a serious threat. This month, videogame streaming service Twitch was the victim of a massive breach that exposed creator payout reports and Twitch’s entire source code among other proprietary information. The 125GB data breach follows directly on the heels of a major hack of Epik, a web hosting provider associated with right-wing political groups. Hackers claiming association with the hacktivist group Anonymous took credit for the attack, which disclosed information on more than 15 million users. These breaches are only the latest in a string of hacktivist cyberattacks in the past year.
A Rebounding Threat
Nearly a decade has passed since major hacktivist attacks, such as the Bank of America and U.S. Senate website hacks, were a regular part of the news cycle. After 2015, hacktivism saw a precipitous decline generally attributed to a sharp crackdown by law enforcement and corresponding drop off in attacks by the prolific Anonymous collective. However, that trend appears to be reversing.
Focus had shifted in recent years to guarding against cybercriminals and nation-state attackers. As a result, the re-emerging threat of hacktivism is still being ignored by many organizations.
Protecting Yourself from Hacktivists
Whether or not one sympathizes with a given hacktivist’s purported motives, collateral damage to innocent bystanders, such as company employees and customers, is something that everyone should take seriously. You can reduce the risk to your organization’s employees, customers and reputation by hardening your defensive posture against hacktivist attacks. Here are some steps to take:
- Keep system software and firmware up to date: Cyberattacks, including those perpetrated by hacktivists, are frequently driven by opportunity. Leaving known vulnerabilities exposed by failing to update systems makes you an easy target.
- Factor hacktivist threats into your organization’s security risk profile: The likelihood of being targeted by a hacktivist group should be considered as part of a comprehensive risk assessment based on your organization’s unique characteristics.
- Establish and test incident response and contingency plans: Your organization should develop detailed plans for responding to a hacktivist attack or even an announced intention to attack. These plans should include protocols for reporting breaches to authorities and the media, and they should be tested against mock scenarios to ensure effectiveness and compliance during a real attack.
Still worried? MBL Technologies can help you keep up with ever evolving cyberthreats by developing long-term, sustainable security solutions, giving you confidence in your cyber defense.