Time to get serious about hacking?
Paul Briden thinks it's about time we played the hackers at their own game.
They argue the attacks encourage people to be less careless with their security, providing an opportunity for security software developers to analyse the methods used, in order that they might adjust their programs and better defend against the new threats. Call me cynical but this has an air about it of locking the stable door after the horse has bolted and I'm sure it's little consolation to people whose credit card details have been exposed and abused.
Companies are going to need to be able to show they're doing more than just holding a shield up and instead that they're actively going out and removing the threat.
When you have security firms such as Kasperksy Labs talking about "indestructible botnets", as it did just last week, clearly a different approach is needed to deal with the level of sophistication hackers now employ.
I think the principles of attacking to defend can and should extend past the security software and networks into other areas too. By now many will be familiar with the concept of companies and security firms employing hackers as security experts. Perhaps we can go one step further.
The online world has become in many ways like the oceans of the classical age of sail, saturated with piracy and peril. What was the historic solution to protect commercial interests? The recruitment of privateers, mercenaries in effect, who would be pirates themselves if not in employment. They didn't just sit around the ports defensively waiting for the criminals to come to them. They actively went out and hunted them down.
There is sense in a modern digital equivalent: Skilled bands of roving hackers hunting down other hackers with more nefarious intentions. Someone could be employing the group, which scared off LulzSec to carry on and finish the job.
This also reflects on the technological trends we find ourselves in. Businesses are functioning much more in the online sphere, where information is more susceptible to attack. If companies expect consumers to put more and more of their personal information, including payment details, onto databases and other systems, and if providers expect businesses to fully move into the cloud, passive defence is no longer enough to offer the assurances people need.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Companies are going to need to be able to show they're doing more than just holding a shield up and instead that they're actively going out and removing the threat.