Because of the evolving nature of the attacker populace and their adoption of social media and open source mechanisms for crimeware tool development, new threat models are being applied across the board to sites that either had no attention on threat management or were woefully unprepared for the threat models that got focused against them.
Hacktivism is indeed an extended threat for information security.
You can be targeted for your business partnerships, role in the supply chain, political leanings, or public position, or simply to steal CPU cycles/storage from your systems, because of your valuable data, or simply because you have a common vulnerability. There are myriad reasons, from the directly criminal to the abstract.
Social media and the traditional media cycles are simply amplifying the damage and drawing attention to the compromises that would not have made the news a few years ago. Web site defacements get linked to conspiracy groups.
Large attacker movements get CNN headlines whereas they were basically ignored by most just a short while ago.
However, the principles of what you can do about insecurity and compromises remain the same. Do the basics of information security and do them well. Know what you have and its posture. Take the basic steps to understand its life cycle and provide protections for the important data and systems.
Implement vulnerability management, reduce your vulnerabilities, increase your detection/visibility capabilities and have a PLAN for when something goes wrong. Practice your plan and accept that failure is going to occur.
Adopt that as a point of your engineering. It may sound simplistic, but doing the basics and doing them well pays off time and time again. Setting aside the search for whiz-bang silver bullets, the basic controls established by The 80/20 Rule of Information Security, the SANS CAG and the other common threat-focused baselines continue to provide stable, measurable, effective safety for many organizations.
That’s it. Do those things and you are doing all you can do. If an attacker focuses their attention on you, they will likely get some form of compromise. How much they get, how long they have access, and how bad it hurts is up to you.
Just my 2 cents. Thanks for reading!
Cross-posted from State of Security