Another key issue is that Internet crimes tend to pass through many geographies and legal jurisdictions. Not only are you inviting potential legal problems by striking back against attackers in your own country, but actions that cross borders have much wider ramifications.
Additionally, most strikeback activity is illegal. It is illegal for the average person to track down and punish a burglar who ransacked a house, and such is the case for cyber crimes. If an organisation uses a booby-trapped document to install a Trojan on the attacker's network, it is technically breaking the same type of computer fraud and abuse laws that the attacker broke to steal information in the first place.
When it comes down to it, strikeback is simply revenge. If a network has already been breached, striking back against the attacker doesn't recover stolen data or repair damage that has already been done. Time is better spent pursuing legal investigations and prosecutions through the proper channels.
If Not Strikeback, Then What?
Organisations are frustrated and fearful of cyber attacks, which is why the idea of strikeback is gaining popularity. But companies don't have to sink to a cyber criminal's level to protect themselves.
First and foremost, organisations need to implement a multi-layered security policy to increase the chances of catching hints of an advanced attack. For example, a zero-day browser exploit might sneak past an IPS, but perhaps a proactive malware detection solution will catch the dropper file it uses as its payload. Unfortunately, many companies are still just relying on legacy firewalls and old-school antivirus, rather than a comprehensive, multi-faceted solution.
Just as important as implementing a comprehensive security policy is ensuring it is configured properly. A number of surveys suggest most network breaches are due to organisations either misconfiguring or not implementing basic and intermediate security controls. Security controls can't protect networks if they are not carefully deployed and closely managed.
Also, most organisations focus almost exclusively on attack prevention. No matter how strong a company's preventative defences, its network could still get breached. It is important that security solutions also include network and security visibility tools that can help identify and respond to anomalies.
Security professionals should also keep in mind there is nothing wrong with actively blocking a user that is a suspected attacker. Some security controls have the capability of auto-blocking the source of suspected attacks, putting the source address of a particular port scan in a "time out" box, blocking all its traffic.
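The "time out" box described above can be sketched as follows. This is an added example, not code from the article or from any vendor's product; the thresholds, the `TimeoutBox` class and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed tuning values, not taken from the article.
SCAN_PORTS = 5    # distinct destination ports that count as a port scan
WINDOW = 10       # seconds over which those ports are counted
TIMEOUT = 300     # seconds a source stays in the "time out" box

class TimeoutBox:
    def __init__(self):
        self.recent = defaultdict(deque)   # src -> deque of (ts, dst_port)
        self.blocked_until = {}            # src -> expiry timestamp

    def is_blocked(self, src, now):
        expiry = self.blocked_until.get(src)
        if expiry is None:
            return False
        if now >= expiry:                  # time out served: release the source
            del self.blocked_until[src]
            return False
        return True

    def handle(self, ts, src, dst_port):
        """Return 'drop' or 'allow' for one inbound connection attempt."""
        if self.is_blocked(src, ts):
            return "drop"                  # all traffic from a boxed source is dropped
        seen = self.recent[src]
        seen.append((ts, dst_port))
        while seen and ts - seen[0][0] > WINDOW:   # forget attempts outside the window
            seen.popleft()
        if len({port for _, port in seen}) >= SCAN_PORTS:
            self.blocked_until[src] = ts + TIMEOUT
            seen.clear()
            return "drop"
        return "allow"

# Constructed sample events: (timestamp, source address, destination port).
EVENTS = [
    (0, "198.51.100.7", 443), (1, "203.0.113.9", 21), (1, "203.0.113.9", 22),
    (2, "203.0.113.9", 23), (2, "203.0.113.9", 25), (3, "203.0.113.9", 80),
    (4, "203.0.113.9", 443), (5, "198.51.100.7", 443), (400, "203.0.113.9", 443),
]

def replay(events):
    box = TimeoutBox()
    return [box.handle(ts, src, port) for ts, src, port in events]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, replay(EVENTS)):
        print(event, verdict)
```

The block expires on its own, so a source that was misidentified or spoofed is not shut out permanently.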
Let Strikeback Strikeout
In summary, strikeback doesn't belong in private business. It offers no real advantages to normal organisations, and the risks are not worth the sense of revenge. Companies should focus their security strategies on multi-layer defence that is implemented well and monitored carefully to stop cyber criminals in their tracks, rather than planning retaliation for a network breach.
Scott Robertson is vice president Asia Pacific, WatchGuard Technologies.