Businesses and individuals are getting fed up with always being one step behind cyber criminals and constantly playing defense. In an attempt to be more proactive and shift the dynamic, some security experts are now advocating active countermeasures—basically attacking the attackers. While getting revenge has a nice ring to it, becoming an attacker raises a number of ethical issues.
Bruce Heiman, a partner with K&L Gates LLP, presented a session at the 2014 RSA Security Conference titled “Cyber Vigilante or Self Defense?” Heiman discussed the challenges facing businesses and consumers and the moral and ethical dilemma of turning the tables on the attackers.
The session began with the claim that there are only two kinds of companies: those that have been hacked, and those that have been hacked but don’t yet realize it. Heiman pointed out that the odds greatly favor the attacker because the defender must cover every possible exploit and attack vector, whereas the attacker only has to find one weakness to compromise the target.
The traditional defenses are prevention, mitigation, and collaboration. For prevention, we deploy firewalls and antimalware software in an attempt to block threats; for mitigation, we respond to security incidents, try to contain the damage, and return to normal operations; and for collaboration, we sometimes bring in outside security vendors or law enforcement to run a forensic investigation and determine how the attacker got in. The problem is that the entire model is reactive and always gives the attackers the first move.
You can read the article on the RSA blog: Getting Revenge: The Ethics of Active Countermeasures.