Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Cybersecurity strikeback will strike out in the private sector

Corey Nachreiner, CISSP, director of security strategy for WatchGuard Technologies Inc. | April 26, 2013
While giving cybercriminals a taste of their own medicine might sound appealing, most forms of strikeback do not belong in private business.

Another key issue is that Internet crimes tend to pass thought many geographies and legal jurisdictions. Not only are you inviting potential legal problems striking back against attackers in your own country, but when actions cross borders there are much wider ramifications.

Additionally, most strikeback activity is illegal. It is illegal for the average person to track down and punish a burglar who ransacked a house, and such is the case for cybercrimes. If an organization uses a booby-trapped document to install a Trojan on the attacker's network, it is technically breaking the same type of computer fraud and abuse laws that the attacker broke to steal information in the first place.

When it comes down to it, strikeback is simply revenge. If a network has already been breached, striking back against the attacker doesn't recover stolen data or repair damage that has already been done. Time is better spent pursuing legal investigations and prosecutions through the proper channels.

If not strikeback, then what?

Organizations are frustrated and fearful of cyberattacks, which is why the idea of strikeback is gaining popularity. But companies don't have to sink to a cybercriminal's level to protect themselves.

First and foremost, organizations need to implement a multi-layered security policy to increase the chances of catching hints of an advanced attack. For example, a zero-day browser exploit might sneak past an IPS system, but perhaps a proactive malware detection solution will catch the dropper file it uses as its payload. Unfortunately, many companies are still just relying on legacy firewalls and old-school antivirus, rather than a comprehensive, multifaceted solution.

Just as important as implementing a comprehensive security policy is ensuring it is configured properly. A number of surveys suggest most network breaches are due to organizations either misconfiguring or not implementing basic and intermediate security controls. Security controls can't protect networks will if they are not carefully deployed and closely managed.

Also, most organizations focus almost exclusively on attack prevention. No matter how strong a company's preventative defenses, its network could still get breached. It is important that security solutions should also focus on network and security visibility tools that can help identify and respond to anomalies.

Security professionals should also keep in mind there is nothing wrong with actively blocking a user that is a suspected attacker. Some security controls have the capability of auto-blocking the source of suspected attacks, putting the source address of a particular port scan in a "time out" box, blocking all its traffic.

In summary, strikeback doesn't belong in private business. It offers no real advantages to normal organizations, and the risks are not worth the sense of revenge. Companies should focus their security strategies on multi-layer defense that is implemented well and monitored carefully to stop cybercriminals in their tracks, rather than planning retaliation for a network breach.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.