Businesses should forget about hacktivists and concentrate on getting the security basics right, a panel of IT security practitioners told attendees of RSA Conference 2012 in San Francisco.
"Adherence to sound basic security principles is what it should be about, not about who may or may not be carrying out the attacks," said David Litchfield, chief security architect at Accuvant.
All the hype around hacktivist groups such as Anonymous is tantamount to FUD (fear, uncertainty and doubt) that is used to beat businesses with, he said.
What is more important to highlight, according to Litchfield, is that simple attacks are still winning because organisations are failing to address them through sound security practices.
These include user training and awareness, said Johnathan Tal, chief executive of Tal Global. Social engineering is a common attack method, whether by hacktivists or criminals, he said.
The same is true of so-called advanced persistent threats, as shown by the March 2011 attack on RSA, which used social engineering to lure staff into clicking on e-mails that unleashed the malware used to access the internal network, said Uri Rivner, head of new technologies, ID protection at RSA.
"Even where perimeter protections are pretty decent, attackers are using social engineering methods to tunnel through those defences," he said.