When it comes to protecting your digital goods from hackers, should you take the high road or beat them at their own game? In the wake of recent cyberattacks, some companies are feeling pressure to adopt a more active cyberdefense strategy -- sometimes referred to as hacking back. While hacking back may not be mainstream, it's got vocal advocates in some quarters, including former National Security Agency General Counsel Stewart Baker.
Are active cyberdefense strategies a smart approach to protecting your digital properties and warding off attacks, or are they a reckless, unlawful approach that puts your organization -- and others -- at risk? In the recent SearchCompliance #GRCChat, our Twitter participants and site editors weighed the pros and cons of active cyberdefense strategies.
Are "hacking back" or "active cyberdefense" strategies an effective route to data security?
As hackers get smarter, the number of threats increases and the options for effective response dwindle, it's not hard to see why active cyberdefense strategies are under consideration at some organizations. The key to smart active cyberdefense is not taking it too far, said our #GRCChat-ters, who emphasized the importance of risk assessment in deciding whether to hack back:
A1 As many companies are frustrated with cyber lawlessness and lack of recourse against hackers - turning to "active defense" #GRCChat — Ben Cole (@BenjaminCole11) November 20, 2014
A1 Businesses might not get security answers they need after a hack – hacking back could gather much needed cybersecurity intel #GRCchat — Ben Cole (@BenjaminCole11) November 20, 2014
Participants were quick to point out the potential legal penalties and collateral damage of hacking back:
A1: I tend to think of data security as something you design/build, not something you can take back after a hack. #grcchat (1/2) — Forvalaka41 (@Forvalaka41) November 20, 2014
A1: Hacking back is taking risks w/ criminal and civil penalties depending on what's done to whom and their role. (2/2) #grcchat — Forvalaka41 (@Forvalaka41) November 20, 2014
A1: yes, best way to learn is from the trenches, get in the mindset of a hacker #grcchat — Fran Sales (@Fran_S_TT) November 20, 2014
Turning to honeypots, computer systems designed to "trap" anybody who attempts to breach another computer system, participants discussed the benefits and potential pitfalls of such systems with regard to cyberdefense:
A1 Honeypots = passive? Most seem OK with that strategy, but what comes next? Building the next Stuxnet, probably not OK #grcchat — knowlengr (@knowlengr) November 20, 2014
A1 Honeypots require a bit more layering in infrastructure; can backfire & bring you out from "under the radar" #grcchat — knowlengr (@knowlengr) November 20, 2014
One participant touched upon the difficulty in finding professionals with the talent to build active cyberdefense strategies, short of hiring the hackers themselves:
A1 The sort of talent needed to build counter-cyber attacks generally not recruited / recruitable by global enterprises #grcchat — knowlengr (@knowlengr) November 20, 2014
Do you think hacking back is an effective approach in protecting your data? Are the risks worth the rewards? Sound off in the comments section below.
To learn more about hacking back, check out SearchSecurity's definition of the term and its possible role in the enterprise. Then hear one CTO's take on the pitfalls of active cyberdefense. Finally, read about the ethical gray area surrounding hacking back.