As angry hackers plaster personal information of LulzSec’s key members online, and with law enforcement nipping at their heels, the LulzSec crew has apparently returned to the Anonymous collective from whence they came. LulzSec may or may not be gone (I suspect they’ll return due to “popular demand”), but the hacking will continue. In the past months, LulzSec, Anonymous, and several other makeshift collaboratives have shown the world just how easy it is to take down a website, humiliate corporations and government agencies, and steal confidential data. And just as importantly, they have illustrated for us how difficult it is for law enforcement to identify, pursue, and capture them.
In time, these particular hackers may be caught, but in the larger scheme of things, their arrests will have little impact on data and Web security. The Internet is a target-rich environment for hackers, and no matter how big or small an organization, if you’re on the Internet, you’re a target. Websites and databases have been under attack for years, and with the anonymity of the Internet in their favor, very few hackers get caught…and even fewer are successfully prosecuted.
Web applications and databases of all kinds are susceptible to a myriad of attacks. Because these vulnerabilities have been around for ages and are well documented, any Script Kiddie can learn to exploit them. Whether for fame, fortune, political agenda, or just for the lulz, hackers will continue to probe computer systems on the Internet. Even if your organization isn’t a household name, if your computer systems are connected to the Internet, there is little doubt those systems will be probed, and the vulnerabilities that are found will be exploited. If not by ex-LulzSec or Anonymous members, then by any of the countless hacker groups, and the hundreds of thousands they’ve inspired.
Make no mistake, no matter how high, deep, or wide your outer defenses may be, attackers WILL find a way over, under, or around them. Script Kiddies will attack your websites, determined attackers will breach your inner defenses, and the serious blackhat hackers will do untold damage to your company from the inside out. And most will never be detected until long after they are gone from your systems. Hackers will also target your authorized users with spear-phishing and malware attachments, in an attempt to trick the authorized employee into inadvertently granting the attacker access to internal systems. Malicious insiders don’t have to worry about getting past any of those defense layers – they’re already authorized to be inside your defenses. And once inside, the data is ripe for the taking.
In the end, no single technology will prevent all attacks from succeeding. Security best practices dictate implementing layers of security defenses, policies, and employee training to ensure that when one defense fails, the hacker must contend with many other defense layers.
While the threat of attack isn’t new, protecting your organization’s sensitive information has never been more important to your business.