Originally posted on Govwin.com
By Prem Iyer, Director of Information Security at Iron Bow Technologies
Despite a reported reduction in the number of cyber attacks, major brands and government agencies across the globe have been the targets of increasingly sophisticated cyber attacks.
A notorious hacker group, LulzSec, has recently infiltrated government Web sites belonging to the CIA and the United States Senate. There is also speculation that the group was responsible for the Sony breach two months ago.
And the attacks won’t end there.
Recently, the group pledged to launch a campaign of cyber attacks against the world’s governments. LulzSec plans to unite with Anonymous (known for attacks on HBGary Federal) for Operation Anti-Security, which will target the FBI and other affiliated sites the groups believe are using lackluster security methods.
Agencies are Ill-Prepared
Agencies today still take a reactive approach to security. They often wait until an incident occurs, and if/when that happens, they move to evaluate vendors and procure a corresponding technology. For example, endpoint encryption only became popular following major incidents involving stolen laptops.
Government agencies can no longer afford to consider reactive approaches to security. There has been a marked change in the attacker profile and, although attacks today may be fewer, they are more targeted and persistent than ever before.
In the past, there was a preponderance of “script kiddies” trying to gain bragging rights. Now, we’re seeing attacks as a for-profit game played by sophisticated cybercrime organizations like the Russian Business Network and Anonymous that have deep resources and advanced “red team” skills.
Separately, a group of “hacktivist”-type organizations attack organizations they feel have infringed upon free speech or other rights.
Taking Proactive Steps
Government agencies need to take proactive steps to protect critical assets and brand reputation. Operation Anti-Security and similar attacks are designed to embarrass agencies and damage their brands. How much confidence will citizens have in our government if it is susceptible to cyber attack?
Now is the time for these agencies to shore up security efforts, implement best practices in securing critical assets and ensure that they will not be an open target for the growing number of cyber criminals and vigilantes determined to exploit weaknesses.