Hacktivism a New Concern for Public Entities
Until very recently, most cyber incidents (a shocking 93%) were conducted with the goal of making a profit for the cyber attackers. However, an increasingly polarized political climate nationally, statewide and locally has brought a new type of cyber-attack to the forefront: hacktivism.
What is Hacktivism?
Hacktivists target governmental entities to protest and/or assert their concerns over decisions made by the governmental entity. They want their attacks to be well publicized.
Hacktivists can do this through several means. They can shut down a website through a denial of service attack, lock your system down so it cannot be used by employees and/or customers, or find and release potentially damaging and/or embarrassing information.
Hacktivism Risk Mitigation
To prevent and mitigate any type of cyber incident, an organization needs to have the following cyber risk mitigation programs in place:
- MFA access requirements, including access to email, remote desktop protocols, and any privileged accounts
- Patching protocols
- Up to date anti-virus/malware software
- Employee training regarding phishing and social engineering scams
- Email security including external email warning and spam quarantine
- EDR (End point detection and response tools)
- Encryption of sensitive data
- Daily system back-ups
- System backups stored off-site or air gapped and subject to MFA
- A documented and tested business continuity plan
- A documented and tested incident response plan
Key takeaways
Public entities are key targets for cyber criminals, not only due to the sensitive (and valuable) information you maintain, but now for the opportunity to use hacktivism to prevent individuals from accessing your services or to release potentially damaging or embarrassing information in response to a decision by the public entity.
Now is the time to review your cybersecurity protocols and systems, and speak with your M3 account executive about what risk mitigation strategies you need to have in place in order to protect your organization.
This article was written by Marty Malloy. Marty served as a Director of Education & Government Practice at M3 until his retirement in 2023.