With organisations across the globe suffering countless cyber attacks everyday that either target their IT infrastructure or attempt to steal valuable data, a majority of security professionals believe that instead on relying solely on cyber defense methods, their organisations should hack back cyber criminals to deter the latter from launching further attacks.
According to IT security professionals, the world is currently in the middle of a cyberwar with organisations of all sizes and from across all sectors doing all they can to tackle the increasingly complex threat environment which also involves actions from hostile nation states.
In a survey carried out by security firm Venafi, while 72% of IT security professionals said nation-states should have the right to hack back by targeting cyber criminals who level attacks on their infrastructure, 58% of them said that private organisations have the right to strick back at hackers who attack their IT systems.
“It’s clear that security professionals feel under siege. With the increasing sophistication and frequency of cyber attacks targeting businesses, everyone is involved in cyber war,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, adding that as of now, private companies do not have a legal right to actively defend themselves against cyber attacks.
“Even if this type of action were to become legal, most organisations are too optimistic about their abilities to target the correct intruder. Even with the most sophisticated security technology, it’s nearly impossible to be certain about attack attribution because attackers are adept at using a wide range of technologies to mislead security professionals.
“For many organisations, it would be better to focus on establishing stronger defense mechanisms. We’ve seen excellent growth in cloud, DevOps and machine identity technologies that allow digital business services to be restarted in the event of a breach, effectively delivering a knockout blow against attackers,” he added.
The urge to ‘hack back’ cyber criminals is understandable as companies across sectors have to incur huge expenses to tighten their cyber defences, set up new protocols, and hire additional personnel. In the aftermath of cyber attacks, many organisations also face severe downtime, loss of sensitive data, and take months to recover completely from such attacks.
Britain can use offensive cyber force to strike back at hackers
In May last year, on the day the new Data Protection Law came into force, Attorney General Jeremy Wright said that the UK had the right to “name and shame” states that sought to disrupt the UK’s industries by carrying out cyber attacks through proxies or those who sought to manipulate the electoral system to alter the results of elections.
Addressing the foreign affairs think tank at Chatham House, Mr. Wright said that a hostile country cannot escape retaliation by hiding behind proxy groups after supporting targeted cyber attacks on the UK’s critical infrastructure firms, adding that such attacks should be treated with as much seriousness as bombing raids.
In October, news arrived that Britain was mulling the creation of an offensive cyber-force composed of around 2,000 personnel to respond effectively to hostile states, domestic cyber gangs and terrorists.
Sources told The Times that the cyber-force would be composed of experts from the military, security services, and industry and will not only be required to respond effectively to cyber threats from Russia, but also to deter criminal gangs, paedophile rings, and people-traffickers.
Its creation was inspired by Britain’s successful cyber-offensive against the Islamic State in Iraq and Syria that involved British agencies disrupting cash transfers, disseminating fake news among terrorists, and using malware to block their access to data.
According to The Times, GCHQ and the MoD are presently at loggerheads over the command structure of the offensive cyber-force. As per a Times source, while the military will want it to be a high-level war-fighting force that can do things like counter-missile programmes, politicians will want a tactical force that focuses on combating crime and domestic terror threats.
Jeremy Fleming, head of the British Government’s Communications Headquarters (GCHQ), has also said that Britain is capable of carrying out cyber warfare campaigns and had demonstrated it by successfully defeating the Islamic State’s online propaganda efforts.