The New York Times posted a thought-provoking editorial piece this weekend on our nation’s cyber security efforts and the intensifying focus the government is taking on developing offensive capabilities to combat our cyber adversaries – hackers, criminals and foreign governments, mainly China. But, the piece argues, we’re moving into potentially dangerous territory.
Furthermore, this notion of developing capabilities to “strike back” against cyber attackers has moved beyond the government sector to the enterprise. In recent months, more than a few security startups have made headlines with their bold statements on this controversial issue, urging corporations to take matters into their own hands as “cyber vigilantes,” taking proactive strikes against their attackers’ infrastructure.
We were curious to see what actual enterprise security leaders thought about this idea of "counterstriking," so we asked 100 IT security executives as part of our recent survey – A Cyber-readiness Reality Check. Turns out that 80 percent of respondents believe that some form of a proactive strike would be beneficial to their businesses, if there were no legal ramifications.
We believe, however, that this mindset reveals misplaced priorities. Enterprise should focus on its core business, while defending the most critical assets, such as intellectual property – not striking back at unseen adversaries.
However, this is not to say that those responsible for enterprise cyber security can’t learn from the military when it comes to playing defense. In a recent column in TIME magazine, the Chairman of CounterTack’s Board of Directors, Admiral William Fallon (Retired), wrote:
“I believe two of the most important lessons to apply in cyber space relate to intelligence and adaptability. First, real-time situational awareness and intelligence enable an active and effective defense. Second, the battlefield is ever changing, and this requires constant monitoring, assessment and adjustment. Once you know where your enemies are and what they’re doing, you’ll find the best defense is a pro-active posture – one that enables you to understand, isolate, avoid and deflect – or even deceive – your attackers.”
The ancient Chinese military general and author of “The Art of War,” Sun Tzu once said, “It is best to win without fighting.“ We couldn’t agree more. But no matter where you stand on this issue, it is sure to be an interesting theme to watch evolve over the coming months.