In light of recent hacking news including charges against Reuters’ Matthew Keys and today’s sentencing of AT&T hacker Andrew Auernheimer, Mark Bower of Voltage Security said, ”Vulnerable systems exploited by attackers can have serious consequences beyond hacktivists claiming their break-in trophies. The impact of the Keys situation was manipulation of the media, and potentially access to sensitive data. That in itself could have costly impact depending on how readers or even industry groups might respond to a manipulated story, as well as the fallout from potential sensitive data theft. If system used to communicate with the public can be manipulated, then there will be consequential costs and harm.
Over the years we've witnessed repeated successful attacks to critical infrastructure, hospitals, patient data, banks, credit card processors and government - the stakes are high, and so courts can't take any attacks to any critical infrastructure lightly when establishing the extent of punishment,” he added.
Bower, who was interviewed live by The Huffington Post this morning about the Keys case, further commented that “for every attacker who’s caught and penalized, there are probably 50 or more who aren't. And so firms can't rely on the courts and punitive sentences to deter attackers as a strategy to defend their valuable data assets. Many attacks originate outside the jurisdiction of law enforcement, and law enforcement's ability to trace attacks might also be very limited. By then however it’s too late: the damage is done and the data is long gone or the systems manipulated. This once again points back to the need to take pro-active steps to mitigate the fallout from the inevitable system compromise and breach.
The good news is that today it’s not hard to do. There are new, powerful techniques available today such as data-centric security technologies which make attacks to data benign events without disrupting business. Leading firms all around the world who saw the writing on the wall for traditional IT defenses are already using the approach successfully today - the outcome is that the business can get on with growth, and the attackers will move on to easier targets. As history proves there's plenty of those for Anonymous and the like to pursue.