The Unplanned Attack

SCENARIO: A hacktivist group threatens to target your organization following an incident involving an alleged use of excessive force by law enforcement. You do not know the nature of the attack they are planning. How can you improve your posture to best protect your organization?
What is your response?
Discussion questions
• What are the potential threat vectors?
• Have you considered which attack vectors have been most common over the past month?
  ◦ Are there other methods you can use to prioritize threats?
• Have you checked your patch management status?
• Can you increase monitoring of your IDS and IPS?
  ◦ If you don’t have the resources to do so, is there another organization that could be called upon to assist?
• What organizations or companies could assist you with analyzing any malware that is identified?
• How do you alert your help desk?
• Do you have a way of notifying the entire organization of the current threat (bulletin board, etc.)?
• Does your Incident Response Plan account for these types of situations?
Processes tested: Preparation
Threat actor: Hacktivist
Asset impacted: Unknown