@InfosecurityMag


Counterpoint

Security’s Little Awareness Helper

Before we begin, let me make a few things clear: I am not Anonymous, I am not Legion, I try to forgive, I am prone to forgetfulness, and you can expect me to defend them (in a way).


The rise of hacktivism over the past two years has changed the way information security operates, whether we like it or not. These groups have started and will continue executing their method of security awareness on the public at our expense – all the while creating a deeper awareness of security culture. Whether done for the Lulz or an ideology, the awareness is building and it’s making companies think first before acting. According to the most recent ‘Verizon Data Breach Investigations Report’, hacktivists were responsible for 58% of all data stolen last year. That’s an incredible number that will most likely continue if we can’t open our eyes to what’s actually wrong; and many of these groups are doing just that – exposing the soft underbelly of security. Yes, it’s wrong that people are exploiting SQL injection for personal gain, but when are we going to learn how to fix the issues? This and other common vulnerabilities are a constant open palm to the face that need to be fixed now. As soon as we fix them, the slapping will stop.


There are also many security vendors that are thriving from the attacks and using them to increase sales. The saying, ‘Let’s start a war, we could all use the money’, stands very true today. Now more than ever, information security professionals are in constant need, and companies are perpetually increasing security headcount and budgets. They wouldn’t be doing this if they thought they were secure. They’re starting to invest more in their security architecture thanks to hacktivists. Every compromise, tweet, video, and Pastebin upload is thoroughly covered by the media ad nauseam. News of these exploits isn’t just reported in a small niche of information security publications; they are worldwide bulletins covered by major media outlets. The everyday person is aware of these groups in one way or another and it’s making them think, ‘How secure am I?’ or ‘How safe is my data?’. These thoughts are groundbreaking views for the common user, stirred by the images of multi-billion dollar companies being compromised. This is a paradigm shift in thinking brought up by the constant reminder of hacktivism.


Behind closed doors in the corporate boardroom, upper management is terrified of these groups. The last thing they want their organization’s name associated with is hacktivism – causing reputation damage and unwanted publicity. I don’t completely agree with the way these attacks are being brought about, but it is causing organizations to also ask the hard questions. Are we susceptible to similar attacks? What are we doing to avoid being the next media headline? This exposure to information security is allowing voices to be heard that were previously muted. You can use past compromises and prove to management that these attacks are real and people are very capable of exploiting vulnerabilities on your network. There’s no one way to stop hacktivists from knocking on your front door, but we should all be prepared before they come to the doorstep. Yes, it’s embarrassing to get breached, and heads will most likely roll because of it, but if we were following proper security guidelines, then many of these hacktivist attacks would fail. You can love them, or hate them, but one thing’s certain: hacktivist exploits are bringing security awareness to the people on a large stage, and for that you need to respect them.

AUTHOR PROFILE

Matthew Pascucci is an information security engineer for a large public e-commerce company. He’s a frequently published author, reviewer, speaker and commenter on information security-related topics and events. You can read Pascucci’s other musings on his blog www.frontlinesentinel.com or follow his tweets @matthewpascucci. He holds a BS in computer information systems and has several networking, security, and computer-related certifications.

www.infosecurity-magazine.com

