“Even if this type of action were to become legal, most organizations are too optimistic about their abilities to target the correct intruder.”
At the recent RAS Conference in San Francisco several discussions took place around the topic of cyberattacks from nation state actors, a survey conducted at the conference found that 87 percent of security professionals believe the world is currently in the midst of a cyber war.
This is according to Utah-based cybersecurity company Venafi who surveyed over 500 RSA Conference attendees. Over 70 percent of attendees surveyed believe that nation states should be able to fight back or ‘hack back’. This would involve the systematic targeting of cybercriminals in sovereign countries.
Kevin Bocek, VP of security strategy and threat intelligence at Venafi commented in a release that: “It’s clear that security professionals feel under siege. With the increasing sophistication and frequency of cyberattacks targeting businesses, everyone is involved in cyber war.”
Organisations Should Be Able to Counteract Cybercriminals by Hacking Back
Enterprises and organisation are frequently shown to be the most under siege from cybercriminals seeking to steal sensitive data, either to hold for ransom or sell to the highest bidder. In the case of companies with government ties threat actors associated with nation states are targeting sensitive technologies under development.
The Venafi RSA survey found that more than 50 percent of cyber security professionals believe that private organisations should have the right to ‘hack back’ or act in a retaliatory manner that would see the industry change from a defense stance to a more aggressive approach in tackling cybercriminals.
Bocek commented that: “Even if this type of action were to become legal, most organizations are too optimistic about their abilities to target the correct intruder. Even with the most sophisticated security technology, it’s nearly impossible to be certain about attack attribution because attackers are adept at using a wide range of technologies to mislead security professionals.”
“For many organizations, it would be better to focus on establishing stronger defense mechanisms. We’ve seen excellent growth in cloud, DevOps and machine identity technologies that allow digital business services to be restarted in the event of a breach, effectively delivering a knockout blow against attackers.”