Vigilante cyber security: collaboration is better than proactive cyber security

Can organisations realistically go on the offensive? Jonathan Couch saddles up to fire off some words about proactive cyber security. It seems it helps if they can gather up a posse first, because proactive, collaborative cyber security can work.

Proactive cyber security is now seen by security teams as a viable solution to the challenge of defending enterprises against the ever-growing threat landscape. This might conjure up images of vigilantes setting out to get revenge for attacks, but the reality is rather different. In my career I have witnessed organisations that went after those that attacked them to disable their infrastructure or recover their data. Is this wrong in terms of what they’re doing? According to the law, yes. But according to common sense? Well I can certainly see where they were coming from.

Nevertheless, there are some questions which must be seriously considered before adopting an offensive strategy, and some alternative, intelligence-driven collaborative cyber security approaches can be more effective than proactive cyber security.

Can organisations realistically apply proactive cyber security and go on the offensive?

While organisations may just be trying to protect themselves or recover stolen data, they aren’t necessarily trained to go on the offensive. What if they attack the wrong server or organisation? What if they don’t know how to use the tools they have found and downloaded? What if their actions escalate the cyber war and the attacker decides to completely disable the company in some way that is financially and operationally ruinous?

We, as a security community, have enough trouble finding qualified and trained candidates to defend our networks. Finding or training someone who can properly go on the offensive is even more difficult. We can’t have policies or laws that grant blanket protection to organisations applying proactive cyber security when there are no standards or requirements for the experience, training or skill associated with that function.

The idea of granting select organisations permission to conduct commercial offensive attacks has been put forward in the past to alleviate the concerns above. However, it still leads into murky water around policy, and around controlling and monitoring what those select organisations are actually doing.

Do you really know your enemy (and is it a nation state)?

Attributing attacks has always been difficult. Similarities with historical attacks and TTPs might make you think an attack comes from a particular hacking group or country. The reality is that it is easy to mimic the way another group writes its attacks. I’ve been part of organisations that are able to accurately identify individuals and locations, and I’ve been part of organisations that were just making a best guess, based on experience and available information. Commercial organisations often blame nation states for various attacks, but these commercial organisations also face a great deal of cyber-crime infrastructure that affects their operations.

The enemy in these scenarios can be rogue hosting networks, such as Internet Service Providers (ISPs) that knowingly host criminals and criminal activity and offer them protection against being cut off. It can also be botnet infrastructure, which is often distributed and is especially hard to take down if you’re a commercial organisation: botnets can operate undetected for long periods of time, hiding their main command-and-control (C&C) servers behind proxying layers or on other victim systems.

Identifying the true enemy can be out of reach for commercial organisations, and getting it wrong is high risk. Yet such adversaries have been taken down when those organisations partner with the right agencies and companies. Proactive cyber security can be effective when collaboration is involved.

A good example is the takedown of the Dridex botnet which targeted online bank accounts and stole millions of dollars between 2011 and 2017. With support from the European authorities, the FBI and National Crime Agency coordinated their efforts to help cyber security experts and law enforcement disinfect thousands of compromised computers.

How can the private and public sectors better collaborate to secure against attacks?

Speaking of collaboration, one of the key issues is crossing the chasm between private and public sector intelligence. This has always been an issue because, once you move past indicators of compromise (IP addresses, domain names, etc.), reporting from the government tends to be classified and not shared throughout industry. I’m not the first one with this idea, but I would like to see the government start to share its knowledge and expertise around attacks (including the additional context of who, what, where, when, how and why) so organisations can make smart decisions and have better awareness of the attacks they face day in and day out.

An organisation that’s aiming for proactive cyber security needs to ensure it has the intelligence to back up its strategy. “Going it alone” just isn’t possible in the threat environment we face. Instead, collaboration with law enforcement forms the critical foundation for accurately identifying our enemies and giving us any hope of being able to go on the offensive against them.

Jonathan Couch is SVP Strategy, ThreatQuotient
