The rising trend of hacktivism, while generally well-intentioned, can have serious repercussions for your organization. Rather than allowing hacktivists to expose your company's weak spots, security pros must be vigilant in mitigating threats.

Jameeka Green Aaron, Chief Information Security Officer at Auth0

August 26, 2021

When we hear of a major cybersecurity attack, we immediately think of the perpetrator as a bad actor. We assume it is an individual or, more often, a collective of cybercriminals, stealing personal information for financial gain. However, more and more we're seeing a move to what's known as "hacktivism," which is the act of hacking, not for personal gain but to enact social change or promote a political agenda.

Take the recent Verkada camera hack as an example. Thousands of cameras across a variety of industries were compromised, exposing personal information and allowing the collective to access live video and audio. The collective's alleged hope was to expose the dangers of mass surveillance, but in doing so it violated the privacy of people in prisons, the healthcare system, and more.

As activism across the globe continues to increase, so will cases of hacktivism. That should make it a top focus for CISOs and security leaders. Yet many CISOs are still reluctant to take these types of hacks seriously and therefore aren't taking the necessary steps to protect against them. While hacktivists' intentions may not be malicious, the outcome is often just as costly and damaging to an organization's reputation. Not to mention, it's a violation of personal privacy and information, and it places a target on an organization once its weaknesses have been exposed. Once a hacktivist compromises a system and that information becomes public, the door is open for more nefarious activity.

What Hacktivism Has Taught Us
Hacktivism highlights the dual responsibility security professionals take on: to protect not only intellectual property but also the confidentiality, integrity, and availability of personal data. What hacktivists unearth, as in the case of Verkada, are the weak spots within an organization — vulnerabilities that have been there all along and could have been taken advantage of by cybercriminals with much worse intentions. It's a call to action to all security professionals to be more vigilant and relentless in our approach to cyberwarfare.

Zero Trust vs. Hackers
Implementing approaches like zero trust is a great start to mitigate cyber threats. A zero-trust networking model asks for permission at each level of protection — it doesn't assume that once an entity is inside the network it is trusted or should have access to everything. It goes beyond traditional perimeter protection and acts as a second and third line of defense for personal information.

Teaming Up in the Fight Against Cyber Threats
In addition to specific security procedures, one of the best defenses against emerging threats is communication. Talk with the different departments within your organization to ensure you know what Internet of Things devices they are implementing and how you can best work together to keep an eye on vulnerabilities. Also, connect with your peers at other organizations about the threats they are seeing, attacks they have mitigated, and the new solutions they are implementing to fight those threats. In the fight against cybercrimes it is all organizations — across a variety of industries — against those bad actors. It doesn't have to be an individual fight.

At the end of the day we know security threats will never go away. They will keep escalating, and it is the duty of all security professionals to be in tune with emerging threats and tactics to combat them. But it isn't always hackers putting personal data at risk. We have seen cases in the past of federal agencies collecting data without considering the impact it can have on those in the crossfire. Hacktivism has taught us that the end goal for security professionals should always be protecting personal data, and that sometimes means being introspective about the ways an organization is gathering or using data — even if the intent (as with many hacktivism cases) is good.

About the Author(s)

Jameeka Green Aaron

Chief Information Security Officer at Auth0

Jameeka Green Aaron is the Chief Information Security Officer (CISO), responsible for the holistic security and compliance of Auth0's platform, products, and corporate environment.

She is a recognized industry and brings 20 years of experience to the role, with a career that has spanned a wide variety of industries, including aerospace and defense, retail, and manufacturing, at both Fortune 100 and privately held companies — including Nike, Hurley, Lockheed Martin, and the U.S. Navy.

Jameeka lives in Irvine, CA, and enjoys traveling and all things outdoors: hiking, snowboarding, and lounging on the beach. She is committed to advancing women and people of color in Science, Technology, Engineering, and Mathematics (STEM) fields and has participated in the U.S. State Department’s TechWomen program and the National Urban League of Young Professionals. She currently sits on the board of the California Women Veterans Leadership Council, is an advisor for U.C. Riverside Design Thinking Program, and is a member of Alpha Kappa Alpha Sorority, Inc.
