Hacktivism Targets the Enterprise in 2017

You may not have heard the term “hacktivism,” but you’ve certainly heard the news stories about the activity. Hacktivism, the act of hacking for politically or socially motivated purposes, was front-page news throughout 2016—from Russian meddling in the U.S. presidential election, to continued drama with Chinese state-sponsored hackers, to domestic attacks on the state of Michigan and the state of North Carolina. These high-profile attacks signal the rise of hacktivism as a major force shaping our world. But the threat isn’t limited to governments; businesses in every sector will increasingly find themselves targeted by these purpose-driven cybercriminals.

Hacktivism accounted for nearly 1 in 3 cyberattacks in 2016

Overall, the independent security blog Hackmageddon reports that 14.2 percent of all 2016 cyberattacks were motivated by hacktivism. However, adding in attacks motivated by “cyber warfare” and “cyber espionage”—many of which would be considered state-sponsored hacktivism—the hacktivism total comes closer to 30 percent of all attacks.

Hacktivism predictions for 2017:

  • State-sponsored hacking will continue. Experts say the high-profile state-sponsored hacktivism we saw in 2016 will continue in 2017. Hacking is becoming the most popular modern “weapon of war” for many governments around the globe. Compared to traditional military tactics, it’s cheap and it’s low-risk—both because it’s hard to trace and because it generally falls outside the international diplomatic understanding of “armed conflict” or “use of force.”
  • High-profile hacks will deepen the “talent pool” for hacktivists. Sponsored hacking is fueling a thriving black market for digital mercenaries—talented, professional hackers-for-hire. At the same time, headline-grabbing hacks are attracting more amateur hackers to join the ranks of organizations like Anonymous and take up the fight for their own causes. Deloitte says hacktivist attacks are at “an all-time high” in large part because social media enables a single hacker to quickly and easily recruit a digital army “with a single tweet or a Facebook post.”
  • Enterprises will increasingly become “collateral damage” in state-sponsored hacking wars. Experts warn against believing your organization is “immune” or “of no interest to warring parties.” With cybercrime now a vital tactic of complex international conflicts, Experian predicts that enterprises (and their customers) will increasingly become “pawns in international disputes” or “collateral damage.” Just having a government contract—for a completely non-controversial service—could make you a target of an attack aimed at that government.
  • Hacktivists will increasingly target enterprises. One of McAfee’s top 2017 enterprise security predictions: hacktivists will expose privacy and/or security issues in enterprise IT infrastructure. “Hired-hand” hacktivism is bleeding into the corporate world, where unethical commercial enterprises covertly hire hacktivists to take down their competition. Just as concerning: BitSight predicts that “purist” hacktivists will increasingly turn their sights on corporations. IDG warns that corporations should “expect more Wikileaks-style releases of embarrassing photos and corporate documents.”
  • Any company can be a target. If your organization is affiliated with controversial causes, or has known opposition, you already know you’re a likely hacktivist target. But as hacktivism grows and more amateurs join the ranks, the truth is any business can find itself the target of a hacktivist attack. The known-opposition threat is no longer limited to large companies: former employees, vendors or other entities that may feel spurned by an organization now have an easy means of recruiting an army of hacktivists to perpetrate their revenge—no technical knowledge required. Even the slightest tangential connection to a controversial issue could make a company a target. Nissan recently found itself the target of a DDoS attack by Anonymous in protest of whaling in Japan. What does Nissan have to do with whaling? Nothing. But attacking this large Japanese company made the attack’s “cause” highly visible to a global audience.

Know your hacktivism risk. Plan to mitigate the threat.

With just about any business now a potential and easy target for hacktivist attacks, all businesses should be aware of how both their immediate activities and current events can acutely increase their risk. As with any growing data security risk, having an attack response plan is critical. Keeping IT infrastructure up to date minimizes vulnerabilities, but no enterprise is hack-proof. How will you get users back up and running? How can you keep hacktivists from grinding your business to a halt? Use our Data Loss Risk Calculator to find out how much your business could stand to lose.