Companies feel angry, vulnerable and humiliated following a cyberattack leading to data breach, but they should avoid trying to launch retaliatory attacks.
JPMorgan Chase allegedly endorsed a revenge cyberattack during a closed meeting in February 2013, before suffering a significant data breach in late 2014. The FBI is now reportedly investigating a revenge attack that was sanctioned by US financial institutions, leading to a server in Iran being taken offline.
"First, I believe it is illegal and therefore risky for a company to engage in retaliatory cyberattacks," said Richard Stiennon, Chief Research Analyst of IT-Harvest, in a statement to TweakTown. "The very best way to react against an attack is to beef up security and vow to never be a victim again."
Companies that have already been victimized face headaches - and with the global economy hit for $575 billion in hacking-related costs per year, according to McAfee - counterattacks also are expected to generate a large sum.
"There are several risks involved: First they could run afoul of US laws against hacking and computer intrusions,"
Aside from the ethical and moral issues relating to a cyberattack, companies that try to seek revenge by hiring hackers - or launching their own cyberattacks - would be violating the Computer Fraud and Abuse Act. Title 18, Sec. 1030 points out that intruding upon or stealing from other computers is illegal, with no laws allowing anyone to engage in attacks.
"Second, since they are probably pretty vulnerable they could encourage an escalated attack against themselves." Instead of focusing on improving security, companies that decided to become offensive potentially leave themselves vulnerable for additional attacks from the original perpetrators - and underground allies the group can recruit to intensify attacks.
To finish our interview, Stiennon says he understands the mentality of a revenge attack, but those resources and efforts should be invested in more suitable outlets.
"I understand the temptation. It is an emotional and humiliating event when you are attacked. You have a visceral desire to hit back. Of course you don't always know who to hit back at. If you invest in a revenge attack you may be squandering resources that could be spent on beefing up your security."
The cybersecurity market is absolutely booming because of cyberespionage attacks and high-profile data breaches throughout 2014. I expect to see counterintelligence efforts to increase, with companies and security experts looking to expand their knowledge about attackers and how they were successful.
(Image courtesy of Workingnets)