Identifying Cyber Risk and the “Hacktivist” Threat

Ethical consumerism connects insurance companies and their clients to a new range of emerging risks, not the least of which are hacktivists. The world has moved on since the days when animal rights activists employed crude death threats as one manifestation of angry activism.

Some people still employ these tactics, of course, but in 2016 activists also use quite sophisticated digital methods, such as targeting an organisation’s website and thereby damaging brand reputation and financial stability, which is a more modern, virtual kind of threat.

Wikipedia is always a good source of definitions for technology-related issues. It defines hacktivism as “the use of computers and computer networks to promote political ends, chiefly free speech, human rights, and information ethics”. As with any technology, “hacking” and therefore hacktivism can be a force for good or evil.

More sophisticated hacks are increasingly being carried out by groups of hackers or nation states, as opposed to individuals. Two of the most widely known groups are Anonymous and Lulz Security (more commonly abbreviated to LulzSec). According to Computer Weekly, many targets of hacktivist groups are of a more overtly political nature. LulzSec attacked InfraGard, a partnership between businesses and the Federal Bureau of Investigation in the US. It successfully attacked the US Senate and the Central Intelligence Agency websites.

It defaced the InfraGard website, damaged the Senate by releasing some “secure” information, and hit the CIA by taking its site down for over two hours. It also attacked the UK National Health Service, but in this case it performed a public service, merely sending the NHS an email informing it of the security vulnerability it had found.

Living in today’s connected world means that organisations have to be aware of how their actions put them at risk of being the victim of a cyber-attack.

If you are an insurance broker, for example, whose client is a large pharmaceutical company known to conduct testing on animals, that relationship puts the broker’s website and internal controls at risk. It is difficult to mitigate such a risk but not impossible.

A good place to start for such an insurance broker would be to monitor its social media channels very carefully for “hacktivist” chatter, but there are other methodologies that can be employed, which I am happy to share with anyone who wants to give me a call. In my next and final blog on identifying cyber risks I look at other threats to the business.

Darren Wray