Sonit Jain, CEO, GajShield Infotech

A seasoned and successful entrepreneur, Mr. Sonit Jain started GajShield in 2002 and has been the driving force responsible for establishing GajShield as the leading and continuously emerging company, offering modular integrated security solutions. His passion to make Cyber Security accessible and interesting has led him to become a leading expert in the Cyber Security Space. Under his leadership, GajShield has accelerated growth, with a worldwide network across 10,000+ locations, wealth of awards and certifications, establishing the distinction of being the only Indian Brand, operating in the Indian firewall space since 2002.

 

Hacktivism, an obvious portmanteau of hacking and activism, is a way of using hacking as a medium for protests or proving a point. In the recent past, examples of hacktivism attacks include activists launching online attacks against financial behemoths such as MasterCard, Visa, and PayPal in 2010, causing their websites to go momentarily offline and, as a result, causing huge losses to the companies. The hacktivism attack was carried out in response to the three companies earlier cutting ties with the non-profit, whistle-blower organisation Wikileaks. Mostly, if not always, hacktivism attacks are politically driven. Although one can understand the motive behind such data security attacks, the truth is, they can be used to devastate your IT infrastructure. For this reason, hacktivism attacks need to be prevented at all costs.

How hacktivism impacts banking

Banks are a cauldron of constantly evolving data. From customer segmentation metadata, to customer KYC details, to deposit and withdrawal records, to loan status records, to name a few. On top of that, banks also have to save other details, such as employee records, cash reserve ratio-related data, statutory liquidity ratio-based information, and other types of data. Hacktivism data security attacks can be used to steal these types of data or to manipulate them, making them unusable for banks. Particularly vindictive hacktivists may steal such information from banks through various ways before selling them to external malicious entities.

Hacktivism attacks can be extremely embarrassing for banks. These types of data security attacks end up featuring on various media outlets. Data breaches or identity theft result in massive collateral damage for banks. Apart from the embarrassment, banks also risk losing customers as they would feel insecure investing their hard-earned money in a bank in which the data security infrastructure is not robust enough.

Hacktivists can abuse personal data such as investor names, addresses, mobile phone numbers by publishing them in public forums. This makes investors of a bank extremely vulnerable to further attacks once their personal data is published on public places. For hacktivists, the problems faced by your customers are nothing more than collateral damage.

Perhaps the biggest impact will be the financial and legal repercussions that banks will have to face in the immediate aftermath of a hacktivism data security attack. For example, investors have the option of taking legal action against a bank that lost their money or data to a data security attack. Banks will be liable to pay millions of dollars worth of compensation to customers as, owing to their negligence to prevent such an attack, they’ll be under pressure from courts to do the same. Financial institutions in the EU and other countries with strict data protection laws make it mandatory for banks to create impenetrable data security frameworks and measures to safeguard valuable and confidential customer information.

Simply put, although hacktivism initiatives may be carried out by hackers with good intentions too at times, such attacks will leave your data, finances and reputation in ruins if not predicted, prevented or at least mitigated in time.

How you can deal with hacktivism attacks

Hacktivism attacks are generally carried out in the form of standard cyber threats, such as DDoS attacks, malware threats and phishing. A big part of dealing with such attacks involves pre-empting the motives of attackers before creating short and long-term strategies to deal with them. Here are some proactive methods to deal with hacktivism attacks:

Looking for social media red flags

As stated earlier, hacktivism attacks are not impulse-driven. There are certain triggers that may cause hacktivists to launch attacks on banking websites and databases. In other words, hacktivism is a culmination of various factors that ends up in data security attacks on banks and organisations in other sectors. For example, consider a bank being in the news for the wrong reason — such as being associated with an organisation known for its racist treatment of its employees of colour. Although farfetched, the bank can expect to be at the wrong end of hacktivist attacks for such an association. So, understanding the factors that may lead to an attack like this is critical for banks, who have much to lose if they’re at the receiving end of a hacktivist attack.

Social media posts, images and videos are generally good indicators of the general public’s opinions and feelings regarding a given bank. Banks need to monitor all social media platforms periodically to discover the public opinion about them. Banks can employ a specialised team for the purpose or use machine learning-based applications for this monitoring purpose. Accordingly, on detecting cues of a potential attack, banks can bolster their data security infrastructure and use communication through various channels to positively change public sentiment regarding their image.

Bolstering data security infrastructure

As stated earlier, hacktivism attacks are no different from regular data security threats. To protect vital banking data from such attacks, banks must incorporate specialised context-aware data security firewalls and cloud security management systems. Such applications can track data security threats in digitised banking networks and notify your cybersecurity team regarding the same or take preventive action to deal with the threats.

Content Disclaimer

Related Articles