Hackers seem to have a romantic, exotic reputation in popular culture – a band of misfits working together against The Man that is trying to bring them down. However, in recent months, that reputation has hit close to home for some cyber-security firms.
In the last six months, four such firms, RSA, HBGary Federal, Booz Allen Hamilton and ManTech, have been successfully hacked by a “hacker collective” self-titled “Anonymous.” In each instance, Anonymous stole and posted numerous messages, and in the case of RSA, utilized information to break through a client’s (Lockheed Martin) firewall. The cost for RSA? Upwards of $90 million and counting.
“With the rise of hacktivism, now the people who break into you tell you they break into you,” said Jeff Moss, founder of the Black Hat conference, which took place the first week in August in Las Vegas.
What is the point of this public humiliation? Other than fun, it seems to be a combination of financial/strategic political gain (such as the theft of information on military technology, as may have been the case with Lockheed Martin) and the desire to raise awareness that the largely self-regulated cyber-security industry may have more gaps in its armor than it would like to admit.
For most start-ups, other than those dealing with sensitive customer or technical data, the risks of major hacks are low. However, the theft of proprietary information and the resulting economic fallout are a threat to every company. When such cyber-threats are out there, particularly for start-up companies whose cyber-security budgets are constrained, the most effective tool is employee education, since most hacks target a specific employee and trick him or her into opening up an email attachment or link inside the firewall.
This post on Start-up Issues was authored by Caitlin Vaughn.