How can big companies fight hackers?
As Sony finds itself on the receiving end of a hacking campaign, just what problems are big companies facing in this area and what can they do about it? Simon Brew takes a look.
Leaving aside the ramifications of Sony and the PlayStation Network though, there's another significant problem the firm faces in the midst of hacking attacks: just what can it do? How can you defend yourself as a large organisation when a small group of unidentifiable individuals decide to target your website?
By the very nature of being a big company, you leave gaps and smaller groups are far more nimble at exploiting them than a large firm is at covering them up. It takes more than a busy IT department putting fingers in the appropriate dams.
Even appreciating in many countries the legal argument was on its side, how do you begin tracking down a group like Anonymous? Was there a ringleader it could find? Was there any guarantee Sony could find them and take action against them? What if they were in a country where jurisdiction differed? Heck, who exactly is a member of the group and how can you be sure you've got their true identity?
It takes more than a busy IT department putting fingers in the appropriate dams
These are not easy questions to answer and Sony knew it because even if things went its way, it would take months to execute any kind of proper, effective action. That's if the legal system was working at anything approaching decent speed.
Furthermore, even if it managed to get something done, then Sony ran a very real risk others would take up the mantle. Basically, by fixing what it saw as the immediate problem, it risked making the problem worse. At the very best, it knew it was an impossible PR battle to win, with a David and Goliath scenario being portrayed. At worst, that PR battle would turn into something far trickier to deal with.
It's an experience many other big companies will be looking at nervously. Anonymous alone has targeted the likes of the Bank Of America and YouTube. Worryingly, these are the hacking attacks we've found out about and the ones where there was an intended public impact.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
So what about the ones off-radar? Anonymous may be high profile, but most hackers aren't. It's only a year since McAfee was saying "we have never ever, outside of the defense industry, seen commercial industrial companies come under that level of sophisticated attack," in response to major hacks on the likes of Google and Adobe.
Also techniques increasingly allow hackers to cover their steps. There's a mantra of sorts in security circles if a proficient hacker doesn't want to be found, then they absolutely won't be.