31 Aug 2011

Businesses need coordinated response to hacktivism

Because hacktivist groups want to draw attention to a cause or message, companies need to coordinate information technology and public relations teams to combat the threat and respond to attacks, according to Greg Nowak of the Information Security Forum.

Speaking to Infosecurity, Nowak said computer security teams should design defensive programs after conferencing with PR to determine what business dealings or practices might attract the attention of hacktivists.

At the same time, Nowak said, IT needs to constantly communicate with other departments to ensure computer security best practices. He cited a recent attack on HBGary, in which weak and duplicative passwords gave hackers widespread access to systems.

If a hacktivist intrusion does occur, Nowak said businesses should not be panicked by alarmist media reports that exaggerate the scope or severity of the attack. He said communicating with the same tools, like YouTube, that hacktivists use to spread their messages can be a good way to respond to their charges or protests.

Hacktivists' use of social media tools was on display recently, as Anonymous members used YouTube, Twitter and blogs to publicize their attacks on San Francisco's Bay Area Rapid Transit sites, which they targeted to protest BART police tactics.