Cyberwar has begun, security professionals say
The world is currently in the middle of a cyberwar, according to 87% of security professionals.
Not only did the majority believe that the world is currently in the middle of a cyberwar, 72% believe nation states have the right to ‘hack back’ at cybercriminals. An additional 58% stated that private organisations have the right to do the same.
“It’s clear that security professionals feel under siege,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi.
“With the increasing sophistication and frequency of cyber attacks targeting businesses, everyone is involved in cyberwar.”
Currently, the Computer Fraud and Abuse Act prohibits many retaliatory cyber defence methods, including accessing an attacker’s computer without authorisation. The Active Cyber Defense Certainty (ACDC) Act addresses active cybersecurity defence methods and was introduced to the US House of Representatives in October 2018. The ACDC Act proposes “to provide a defense to prosecution for fraud and related activity in connection with computers for persons defending against unauthorised intrusions into their computers”.
“Today, private companies do not have a legal right to actively defend themselves against cyber attacks,” said Bocek. “Even if this type of action were to become legal, most organisations are too optimistic about their abilities to target the correct intruder. Even with the most sophisticated security technology, it’s nearly impossible to be certain about attack attribution because attackers are adept at using a wide range of technologies to mislead security professionals. For many organisations, it would be better to focus on establishing stronger defence mechanisms. We’ve seen excellent growth in cloud, DevOps and machine identity technologies that allow digital business services to be restarted in the event of a breach, effectively delivering a knockout blow against attackers.”
An audit of 10 NSW universities identified a number of IT internal control deficiencies that are...
Half of survey respondents believe most enterprises underreport cybercrime, even when it's...
ISACA has released new, practical, online training modules to help bolster cybersecurity...