02-27-12 | Blog Post
Over the past decade, we’ve seen the way we do business get flipped upside down. A lot of business processes we used to do on pen and paper are now being automated and processed online, allowing data to be accessed in many different ways. While in some ways this has benefited us in productivity and created many headaches (for the most part), this has also left our data more vulnerable due to increasing the amount of associated access points, which in turn can result in opportunities for data access and/or theft.
Hacktivism – (according to Dictionary.com) is the practice of gaining unauthorized access to a computer system and carrying out various disruptive actions as a means of achieving political or social goals. This word spans a large group of activities, from nonviolent/violent acts to achieve/promote their views. This type of practice has been around for some time, but its now come into the spotlight on a larger scale with no slowing down.
A huge contributing factor in the rise in Hacktivism has been the group Anonymous. Anonymous consists of users all over the world who have similar goals of stopping organizations and retaliating against anti-piracy groups. Their main form of attack is a Distributed Denial of Service (DDoS), which is an attempt to make a computer or network resource unavailable to users.
One way this works is by sending multiple communication requests and rendering the machine either very slow in responding, or to the point where it cannot respond at all, making the machine useless. They’ve used this type of attack and many others to take down sites that they believe are against their views. Some of those attacked sites include: the FBI, Universal Music Group, the Motion Picture Association of America (MPAA), the Justice Department, and many others for their stances on certain issues, such as the Stop Online Piracy Act and the shutdown of popular file sharing service Megaupload.
Also, Anonymous has made many threats in the past few months of attacks being made on the nation’s power grid, Facebook, and bringing down the Internet by attacking its root name servers sometime in the near future. These kinds of threats if put into play, could affect all of us who do business and use the Internet as a main resource (which is nearly everyone). When and if this may happen, we do not know, but only time will tell.
So what does all of this mean for you as a business owner/organization? You are probably saying to yourself, “This means nothing to me. This involves political and large-scale organizations. I am, in no way, affected by this.” Even with all of these sorts of demonstrations and attacks going on in the background of our own daily practices, I hope we all begin to take a second look at the security of our data.
There’s no reason to wait until something happens. Whether that’s having some sort of IT disaster recovery option in place, putting your credit cardholder data in a PCI compliant environment with the help of a PCI hosting provider, or your PHI and EMRs in a HIPAA compliant environment, all organizations need to begin the process of knowing if their data is safe and what they can do to improve on that process. There’s no telling what could happen if your organization’s data was unavailable or in the wrong hands for 5 seconds, let alone a few days. The way we do business is changing each and every day, so stay ahead of the curve in order to ensure that your data will be safe, secure, and available when you need it most.
