
Vigilante cyber security: collaboration is better than proactive cyber security

Can organisations realistically go on the offensive? Jonathan Couch saddles up to fire off some words about proactive cyber security. It seems it helps if they can gather up a posse first, because proactive collaborative cyber security can work.

Proactive cyber security is now seen by security teams as a viable solution to the challenge of defending enterprises against the ever-growing threat landscape. This might conjure up images of vigilantes setting out to get revenge for attacks, but the reality is rather different. In my career I have witnessed organisations that went after those that attacked them to disable their infrastructure or recover their data. Is this wrong in terms of what they’re doing? According to the law, yes. But according to common sense? Well, I can certainly see where they were coming from.

Nevertheless, there are some questions which must be seriously considered before adopting an offensive strategy, and some alternative, intelligence-driven collaborative cyber security approaches can be more effective than proactive cyber security.

Can organisations realistically apply proactive cyber security and go on the offensive?

While organisations may just be trying to protect themselves or recover stolen data, they aren’t necessarily trained to go on the offensive. What if they attack the wrong server or organisation? What if they don’t know how to use the tools they have found and downloaded? What if their actions escalate the cyber war and the attacker decides to completely disable the company in some way that is financially and operationally ruinous?

We, as a security community, have enough trouble finding qualified and trained candidates to defend our networks. Finding or training someone who can properly go on the offense is even more difficult. We can’t have policies or laws that allow blanket protection for organisations applying proactive cyber security when there are no standards or requirements for experience, training, or skill associated with that function.

The idea of select organisations being granted permission to conduct commercial offensive attacks has been floated in the past to alleviate the concerns above. However, it still leads into murky water around policy, and around controlling and monitoring what those select organisations are actually doing.

Do you really know your enemy (and is it a nation state)?

Attributing attacks has always been difficult. Similarities with historical attacks and TTPs might make you think an attack comes from a particular hacking group or country. The reality is that it is easy to mimic an attack from a writing perspective. I’ve been part of organisations that are able to accurately identify individuals and locations and I’ve been part of organisations that were just making a best guess, based on experience and available information. Commercial organisations often blame nation states for various attacks, but these commercial organisations also face a great deal of cyber-crime infrastructure that affects their operations.

The enemy in these scenarios can be rogue-hosting networks such as Internet Service Providers (ISPs) knowingly hosting criminals and criminal activity and offering protection against being cut off. They can also be botnet infrastructures, which are often distributed and are especially hard to take down if you’re a commercial organisation as they can operate undetected for long periods of time, hiding their main command-and-control (C&C) servers behind proxying layers or on other victim systems.

Identifying the true enemy can be out of reach for commercial organisations, and getting it wrong is high risk, but such infrastructures have been taken down when those organisations partner with the right agencies and companies. Proactive cyber security can be effective when there is collaboration involved.

A good example is the takedown of the Dridex botnet, which targeted online bank accounts and stole millions of dollars between 2011 and 2017. With support from the European authorities, the FBI and National Crime Agency coordinated their efforts to help cyber security experts and law enforcement disinfect thousands of compromised computers.

How can the private and public sectors better collaborate to secure against attacks?

Speaking of collaboration, one of the key issues is crossing the chasm between private and public sector intelligence. This has always been an issue because, once you move past indicators of compromise (IP addresses, domain names, etc.), reporting from the government tends to be classified and not shared throughout industry. I’m not the first one with this idea, but I would like to see the government start to share its knowledge and expertise around attacks (to include additional context of who, what, where, when, how, why) so organisations can make smart decisions and have better awareness around the attacks they face day in and day out.

An organisation that’s aiming for proactive cyber security needs to ensure it has the intelligence to back up its strategy. “Going it alone” just isn’t possible in the threat environment we face. Instead, collaboration with law enforcement forms the critical foundation for accurately identifying our enemies and giving us any hope of being able to go on the offensive against them.

Jonathan Couch is SVP Strategy, ThreatQuotient
