In case you missed them, two stories last week emphasized a disturbing truth about the continuing Global Cyberwar. First, foreign hackers compromised the Government of South Carolina, stealing data from millions of tax returns including Social Security Numbers, as well as hundreds of thousands of credit card numbers. Second, Russia turned the tables on a Georgian hacker by tricking him into installing malware on his own system (that’s the Republic of Georgia, not the state of Georgia, for you geographically deficient out there).
The disturbing trend? The three targets here — South Carolina as well as both parties in the Russia/Georgia skirmish — lacked sufficient defenses to keep their opponents out of their systems. Even the Georgian hacker was caught with his pants down, so to speak (although the shirtless mug shot his compromised laptop camera snapped fortunately didn’t reveal quite so much detail). If even state governments and shrewd Asian hackers can’t keep their opponents out, what chance do we ordinary mortals have at keeping the hackers at bay?
The sad fact is that mounting Cyberattacks is much easier than blocking them.
But there’s another side to the story: the moral of the Russian/Georgian tale is that the best defense is actually a good offense. Our defensive security measures may never quite be good enough to protect us from all threats, but that doesn’t stop us from taking a page out of the hacker playbook and going after the bad guys using their own tools and techniques.
The obvious conclusion is that any organization — private or public sector — may want to get into the offensive hacking business. The field of ethical hacking will focus on far more than penetration testing. It’s time to go on the offense.