Back in the 80’s, when someone hacked a website, they left a message not unlike graffiti. “Hackers rule” or something silly like that. It was relatively harmless. These days, hackers have grown up and hack with resolve. If they should deem your website or business counter to their beliefs, you could find yourself out of business within days.
Research suggests that 1 in 5 hackers are hacktivists. That is, their motivation for hacking is activism. Some of this activity may be seen as productive. For example, a hacker once created an open source software that enabled people in China to circumvent government censorship. Through the use of this software, one could access restricted websites such as CNN or Amnesty International, even in countries where it had been banned by government.
However, there is a dark side to hacktivism. Hackers often use open source hacking tools to penetrate Windows networks and employ “denial of service” attacks to bring down legitimate businesses. Essentially, a “denial of service” or DoS attack bombards a server with more requests than it can handle until it ceases functioning. More effective than a traditional protest or picket line, a DoS attack can cut off a business’s sole source of online revenue, crippling it in the process. DoS attacks can be implemented through email spam, downloads and various other methods.
These open source tools go by names such as Social Engineer Toolkit, John the Ripper and Metasploit. Anyone can use them and they’re readily available for download online. Go ‘head. Perform a Google search and see for yourself. It’s more than a little bit scary.
Here’s a number that’s scarier, still. 60% of small businesses call it quits within 6 months of a cyber attack. Don’t be one of them. Follow a few simple precautions.
- Use the latest versions of software. Software updates ensure that vulnerabilities identified by the author have been addressed. If a software doesn’t have a recent update, then it may be wise to seek an alternative software.
- Make sure security extends across mediums. Anything connected to your network needs to be secure including cell phones and tablets. Use of a PIN code is highly desirable.
- Don’t rely on W-Fi. It’s risky and easily exploited. Make sure that employees use a VPN when accessing the network off-site. A VPN (or virtual private network) provides a layer of security as one must log on before being able to access an open wireless network.
- Educate employees. Just today, users of a common browser cleaner called CCleaner learned that the latest version has been compromised when hackers breached the author’s security. As a result, CCleaner version 5.3 not only contains software updates but a multi-stage malware payload. Approximately 2.27 million users are affected. Make sure your employees know what they should and should not download on their work stations. Create a list of approved tools.
- Be proactive. Develop a risk management plan. Identify your vulnerabilities and most valuable assets. Develop a strategy to secure the most valuable information first and work from there.
For certain business markets, hacktivism is an obvious threat. A fur business knows it has to protect itself from PETA activists. Political parties must protect themselves from their ideological counterparts.
For some of us however, the answer isn’t quite so obvious. So, consider the worst case scenario. If you were to lose your most important asset to a network hack, could you overcome it?
Feel free to leave a comment or email me with your thoughts and ideas on hacktivism. If you think your business is at risk and wish to take action to protect it, call me at 336.447.3473.