Time to get serious about hacking?
Paul Briden thinks it's about time we played the hackers at their own game.
COMMENT: I appreciate the title could be misleading. So, let me start by saying I don't think anyone in this day and age takes the threat of hacking attacks lightly.
However, recent events have made me wonder whether things should be taken to a whole new level in terms of how security firms and businesses combat hacking.
I use the word combat quite deliberately. Indeed, comments made by Dr Liam Fox earlier this year highlighted that the Ministry of Defence fought off more than 1,000 attacks on its systems in 2010, a situation which was described by the man himself as part of an on-going cyber "war".
Imagine a security framework, which rather than quarantining a breach actually reacted to it, perhaps by deflecting the malicious code back at the attacker, perhaps by having an additional decoy layer to take the hit' and absorb the damage.
Even those of us who've never set foot inside a military institution will be familiar with the old adage "the best defence is a good offence," but is it time we took the fight to the hackers and acted much more aggressively?
In April IT Pro reported that security expert Mikko Hypponen, chief research officer at F-Secure, felt security firms were increasingly the target of ever-more aggressive attacks. Also this year we've seen the PlayStation Network breach - a hack on an unprecedented scale - and, most recently, the anarchic campaign of the LulzSec group which caused a huge amount of damage to a wide variety of organisations and only ended when the perpetrators either became bored or were warded off by a rival hacker group.
I'm going to go off on a tangent for a moment and talk about something completely different to make a point. Please bear with me and all will become clear.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
I'm going to talk about tanks. Yes, you read that right. Actual military tanks with turrets, tracks and cannons.
Modern tanks actually have some remarkable ways of defending themselves against attack and one such method is known as reactive armour'. The clue is in the name. It reacts to being shot at and there are a few different types. Some use localised explosions triggered on impact to deflect or dispel energy from a projectile, others use materials such as rubber to absorb and re-direct the damage. There's even a fancy prototype, which uses electricity. A hit on the tank closes a circuit, which literally vaporises the incoming missile on contact.
You may by now be able to see where I'm going with this. Imagine if these overall concepts were applied to IT security. Imagine a security framework, which rather than quarantining a breach actually reacted to it, perhaps by deflecting the malicious code back at the attacker, perhaps by having an additional decoy layer to take the hit' and absorb the damage. Maybe even a system to grab hold of intrusive programs and destroy them?