The announcement that LulzSec has disbanded after their 50 day campaign has been met with mixed reactions. What remains clear is that previously considered secure IT environments have been breached in some capacity and details taken with limited or no detection. Furthermore, even after compromise, implicated organisations have still failed to take all necessary actions, both reactive and proactive to implement a more comprehensive security management policy to protect customer data and corporate integrity.
If nothing else, the actions and activities of LulzSec should prompt us all to review our IT security strategy, the integrity of our customer data and the how this is managed and maintained to minimise compromise. It is unlikely LulzSec will be a lone crusader, reinforcing the imperative to review immediately. Customers are painfully aware there are increased risks associated with sensitive data. If and where customer data is compromised through online services, customer’s are increasingly likely to move their purchasing strategy whilst making security breaches a key selection criteria in assessing alternative suppliers. It is therefore imperative to consider not just IT security, but the management of customer data and ongoing maintenance of policies and verification as a priority in any IT strategy.
A pragmatic approach to managing customer data and protecting organisational Intellectual Property is an increasing blend of analysing internal activities and trends as much as managing the continual barrage of external threats whilst increasing the functionality and sales channels and applications to end users. It is critical to remember it is as equally important to focus on threat mitigation in compromise as it is in managing incidents if and where these occur.