There is a fine line between Hactivism and Hacks of Terrorism. Consider this article recently published by The Register which states that “58% of all data stolen last year can be attributed to hacktivism.”
Hactivism is defined as “hacking to advance political and social objectives”. Terrorism is, “the use of violence and threats to intimidate or coerce, especially for political purposes”. A hack of terrorism is a combination of both, “hacking to instigate violence and threats to intimidate or coerce, especially for political purposes.”
The fine line is a cross between perception and the reality of associated violence and one can beget the other.
Organizations often struggle with internal security challenges and associated government regulations such as PCI/DSS, MiFID, SEPA, Basel II, EDPD, SOX, IFRS, FACTA, etc. Combine this with organizations pushing internal IT development shops to deliver products and services more quickly to compete effectively with other organizations and you wind up with a recipe for a prime landing spot for hacktivists.
Whether you are the DOD or Wikileaks, an organization’s approach to security can vary greatly. A pragmatic approach is to determine the “cost” of security approaches to an organization, from extremely restrictive to wide open and somewhere in between. The cost is the financial impact from a security approach. When performing a financial impact analysis to a security approach, two items to consider are: 1) revenue impact through delays of product deployment due to a complex security approach, and 2) revenue impact of a compromised infrastructure, especially public perception and impact to future revenue or the cost of fixing a compromised infrastructure. This approach can effectively be used for government organizations, non-profits, SMB’s, and large enterprises. After completing a financial analysis, choose the policy that minimizes financial impact and implement protocols and tooling that supports the security policy. Ensure that as your organization changes, that the policy and financial impact is reevaluated.