If you are in charge of defending IT systems you know there’s a big difference between an attacker who is trying to steal payment card data and an aggressive assault by folks who wants to expose your internal emails and trash your servers and/or reputation. In the last twelve months we’ve seen a number of high profile attacks that were not straightforward grabs for monetary instruments or intellectual property (although there were plenty of those as well). So what can we learn from these aggressive attacks, like the one on the Italian “security” company called Hacking Team, or AshleyMadison, and SonyPictures?
Recently I presented a 55 minute webinar on this topic, a recording of which you can view if you scroll down the page. The following paragraphs distil some of the observations I made.