Fake Hacks as Dangerous as Real Ones, Says Security Expert
Article date: Wed, 07 Mar 2012 14:50 GMT
Hoax hack attacks are as much of a threat to businesses as genuine attacks, according to a leading security expert. And companies without a contingency plan are leaving themselves wide open to irreparable damage to their brands.
A hoax attack - when a party falsely claims to have compromised your security and releases fictional data to the press and public - is capable of causing the same amount of damage as a genuine attack at a lower cost to the perpetrator.
A falsified attack on entertainment retailer Game earlier this year highlighted fake hacks as a significant threat for businesses to consider.
"At the start of the year we heard about the hack on entertainment retailer Game and that their customer database had been compromised, leading to a leak of customer contact details on PasteBin," explains Stuart Coulson, cyber security expert and director for data centres at UKFast.
"Within the next 24 hours it became apparent that the leaked information actually had nothing to do with the company, an official statement confirmed so, and the attack had been falsified.
"By this point - even though it was only a day later - the damage to their reputation had already been done and many will have judged them falsely as an unsecure e-tailer to shop with."
According to Coulson, a fake attack can have the same damaging effect on a business because the general public take news of hacks at face value and won't necessarily do their due diligence on a story, so once an announcement is made the damage is already done.
The culprit of the Game hoax isn't yet known but, Coulson says, the potential perpetrators are varied and could well be associated with your business.
"Ex or disgruntled employees, competitors and unhappy customers are all capable of something like this as well as all of the usual hacking groups. We've seen hackers demand payment in order for firms to avoid being victim of a real hack, in fact, those offenders don't even have to follow through with a genuine attack - they can have the same impact by faking one."
The ease of sharing information over the internet, especially through social media, means that no matter how quickly a business releases a statement to deny the attack, it is likely to have already spread across the net - creating a permanent and searchable record of a hack that actually never happened.
The affected business must also then absorb the cost of crisis management to mitigate the bad PR created by the hoax.
Jonathan Bowers, communications director for UKFast said: "It's impossible to put a cost on that kind of reputational damage to a brand but there are things you can do to limit it.
"Check the evidence as soon as a threat presents itself. Get someone involved to check the vulnerability and publicise that you are doing that and what you find. Address it and keep your clients informed. The worst thing you can do is ignore it and delay your response. Take advice from lawyers on how to respond if you're unsure.
"Develop good relations with your clients, industry contacts and, importantly, journalists so they will come to you to check the facts before they publish the story. Make it clear on your website and through social media who the point of contact is for queries."
The knock-on effects of genuine attacks have seen businesses including DigiNotar - the Dutch certificate authority - file for bankruptcy following hack attacks due to irreparable damage to their brand reputation.
Coulson continued: "The most concerning thing highlighted by the Game hoax hack is that it could be done to anyone, by anyone.
"The main message is an age-old one - prevention is better than cure. Make sure you've got the right security in place so you can be confident that any suggestion you've been hacked is unlikely.
"Have all of the documentation in order that proves you take security seriously - you can present this quickly if a rumour emerges that your security has been compromised.
"Be aware of where your brand is. Think about who you are connecting to on social media and justify why you are connected to them. Think about what you post on Twitter - there's no delete in social media.
"Be aware of your company or any employees posting inappropriate content that could entice unwanted retaliation."
Top 5 Tips for Damage Limitation
Although there is little that can be done to protect against hoax hacks, here are UKFast's top tips for damage limitation:
Check the vulnerabilities immediately
Keep your clients, contacts and journalists informed
Take advice from lawyers if you need to
Keep your security tests documentation handy
Act sensibly on social networks - don't incite retaliation