Organisations should shift their focus from merely blocking attacks from threat actors and pay more attention to offence to make a meaningful impact on the cyber crime ecosystem.
So said Dominic White, MD of Orange Cyberdefense South Africa and director of ethical hacking at Orange Cyberdefense global, speaking at the ISACA South Africa Chapter Conference in Johannesburg yesterday.
White said that in any competitive scenario, adopting a defence-only approach will not work.
Drawing an analogy with the military, he said that if a soldier is equipped only for defence, the enemy can inflict more damage. This principle, he argued, is equally applicable to cyber security.
We exist to be the body armour to the organisation rather than hitting the root cause of the problem.
Dominic White, Cyberdefense.
“We’ve got armour, we can limit the damage to us… we’ve got firewalls, we’ve got anti-virus, lots of things in place to limit the damage to us, but what damage can we inflict? We can call incident response, and the greatest consequence we can leverage on the attacker is [that they will not try ] to get back in. Truly, that’s not much of a consequence."
White said the goal is to limit the criminal’s ability to keep operating. “The problem is that as an industry – myself included – we exist to be the body armour to the organisation rather than hitting the root cause of the problem.”
He then elaborated on the typical modus operandi of threat actors.
“When real criminals are attacking organsiations, they don’t wander around doing things so unusual and abnormal that they stick out on the network like a sore thumb. At some point they are trying to get legitimate access so they can wander around and act like legitimate users.”
Attackers avoid the risk of detection by disguising themselves as legitimate users. It is easier for them to capture data, such as internet passwords, to infiltrate a network. Once inside, they can then launch attacks.
White spoke of countering cyber crime by bringing the attack to the attacker through the technique of hack back. This involves hacking the technology resources used by attackers. But he stressed that this can only operate within the realms of the law.
“The best defence is a good arrest,” said White and cited increasing cross-border collaboration among law enforcement agencies, including Interpol, to traverse criminal networks, track down and prosecute cyber criminal syndicates
Share