Statistics from the 2012 Data Breach Investigations Report from network provider Verizon indicate that the biggest thieves of data are now the hacktivists – activists with the ability to hack into organisational data systems. Hacktivism puts a new spin on the business case for business continuity because they are no longer hacking just to show they can do it, or to steal information with a financial value. Hacktivists are intruding in order to protest, expose, or embarrass the organisation or enterprise that they are targeting. Whatever the ethics involved, business continuity can be affected short term, long term or both. However, the report also points out another disturbing finding.
The data from the report comes from 855 “confirmed data compromises”, put together with help from a number of state organisations from the US, Netherlands, Australia, Britain and Ireland. The size of the organisations having suffered compromised data varied from small to large, including national governments. In 92% of the cases recorded, the victims did not know they had been hacked – it took them weeks or even months to find out, after a third party informed them. With the potential for damage to continue during such periods of ignorance, the business case for business continuity is naturally strengthened if it can shorten such periods or eliminate the problem altogether.
What the Verizon report concentrates on is the number of intrusions happening via some sort of network device. Its proposal includes raising awareness in organisations of the need for better security. However, hacktivists, like the generations of hackers before them, are surely no strangers to the power of social engineering, a hacking methodology that depends very little on technology and a lot on basic psychology. Raising awareness about information security in general (handling classified information, clear desk policies, password rules and so on) can generate a good return on investment, and improve the business case for business continuity plans and practices.