Modern field guide to security and privacy

Opinion: Hacker or hacktivist? In data security, it doesn't really matter

Much of the cybersecurity field is too focused on attributing hacks. Instead, companies trying to defend their data should do more to protect their data from any attacker.

|
Peter Nicholls/Reuters
A supporter of the hacktivist group Anonymous wears a mask during a protest in London on Nov. 5, 2015.

I was recently at a cybersecurity conference where several presenters covered the various types of attackers: insiders, hacktivists, terrorists, state-sponsored hackers, and fraudsters.

I've seen this list so many times, and at all types of industry gatherings, that my eyes immediately glaze over when conference presenters start ticking off all the species of malicious actors. 

But this time something tickled my brain: Would someone who falls for a social engineering attack or who has lousy computer security qualify as an "insider"? Or is malice required? What is it about knowing attackers' motivations that could actually help cybersecurity experts improve computer defenses? Would we build different security tools for a hacktivist and for nation-state attackers? I don't think so. 

It seems that checking off the usual lists of bad guys is mostly about scaring audiences into taking security seriously. And there's much to be concerned about when more and more "faceless" enemies are stealing our private data on a daily basis.

Yes, it helps when it comes to selling security products and maybe it'll help executives justify bigger security spending. But when it comes to improving overall cybersecurity, it's not helpful to focus on categorizing attackers. Rather, we should spend more time carefully considering what we're trying to protect and for whose benefit.

Simply, thieves are after valuable data. It doesn't matter if the thieves will use their information directly, or whether they’ll sell it to a third party, it's the cybersecurity industry's job to put up barriers so that no one piece of information is stolen and used to extort even more data.

It might sound incredibly overwhelming and expensive to protect data against all types of attackers. But many successful techniques for improving security cost little to no money aside from the personnel hours needed to set them up.

For example, employing network segregation, setting appropriate user privileges, and applying software updates can be enormously helpful. The latest versions of the major operating systems now include tools for encrypting data on disk. And many online services offer two-factor authentication for no extra cost. 

There is a caveat to my argument to stop focusing on attackers. I'm excluding forensic or legal investigations. After an attack, determining whether the culpable person is an authorized user within your company is a perfectly sensible thing to do. And helping law enforcement to identify and apprehend criminals is good civic behavior.

Before an attack, however, attackers' motivations are not helpful. Whether someone intends to give away access to the crown jewels or is talked into it by a criminal, the result is the same: The information is now out of your control, and will likely be used for nefarious purposes. 

It's my hope that security experts will worry less about the types and motivations of cybercriminals, and more about specific ways to improve our defenses.

Lysa Myers is a security researcher at ESET where she aims to provide practical analysis of security trends and events. Follow her @LysaMyers.

 

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Opinion: Hacker or hacktivist? In data security, it doesn't really matter
Read this article in
https://www.csmonitor.com/World/Passcode/Passcode-Voices/2016/0316/Opinion-Hacker-or-hacktivist-In-data-security-it-doesn-t-really-matter
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe