What’s the value in studying other hacks? With what seems like a constant stream of attacks that lead to data breaches, how do we, as practitioners, engineers, auditors, or officers of companies, benefit from studying other organizations that have been hacked?
Comments
Dan Bilenker says
A common refrain is that “hindsight is 20/20”, meaning we typically see the results of our decisions or conflicts after they have peaked or concluded. When it comes to hacking, sometimes breaches can’t be prevented. Perhaps the malicious code is new, or unidentified. Maybe the vulnerability was unknown. At any rate, once a hack has been executed, it is only a matter of time before it begins to appear elsewhere. Therefore, we need to initialize and develop our own protocol for responding to a similar attack. Another common refrain is that it is best to “learn from the mistakes of others.” Indeed, it is best to study the situations of others, and evaluate the issues, responses, and recoveries, to ensure that we are prepared in the event that our security is compromised. Moreover, studying the practices of other organizations allows us to see our own organization with a fresh perspective. It is always possible that we missed something that is still posing a threat to our security. By evaluating others, we can apply the lessons learned to our own systems and protocols, working to neutralize threats waiting to come into play. The technology landscape is always evolving, and threats, like actual biological viruses, mutate accordingly. Although a threat has been mitigated in the past, a new iteration with the ability to circumvent current IDS techniques could be coming. To keep up with the stream of technological change, we have to be vigilant in monitoring the landscape, and at times, conferring with our peers.
Duy Nguyen says
There are many benefits to reviewing past incidents or other organizations’ incidents. The main benefit has to be just to see where or how the organization responded. It gives the organization data into if current policies or processes implemented are sufficient. Looking back on past incidents also enables the organization to see hackers’ techniques and patterns that may not be known or documented.
Kelly Conger says
Duy, I agree. Studying the way other organizations have been hacked ultimately gives you a better view of how your organization is capable of handling a similar incident. I always look at incidents as a way to look at how my own company would react. Any advantage I can gain from learning how another organization was compromised will help me understand our own defensive measures as well as how to plan ahead for similar attacks.
Vince Kelly says
Given the levels of sophistication, the myriad methods, the vast number of exploitation tools and the ease with which they can be procured, the eternal continuum of offensive versus defensive security posturing has clearly shifted in favor of the offense. So what are the characteristics of ‘offensive’ and ‘defensive’ security posturing? In my opinion, offensive posturing can be characterized as some of the most extraordinarily brilliant thinking that mankind has to offer – certainly misguided, devious and nefarious but brilliant nevertheless. It commonly thrives at levels of imaginative creativity and innovation that are well beyond the skills, capabilities or even the perceptions of an average individual – in short, the majority of us are simply no match for this kind of malevolent thinking.
Defensive security posturing, on the other hand (again in my opinion), is based upon a single simple premise. Over the thousands of millennia that our species has existed on this planet, humans have slowly and painstakingly learned to embrace a few immutable truths. Chief among these is the fact that our inexorable rise to the top of the food chain was not a function of being the fastest or strongest of creatures. On the contrary, when compared to all the other forms of life that we share this world with, humans are physically inadequate and rank well below average in almost any comparison. Our success as a species then has always lain in our ability to band together and to think and act collaboratively in order to overcome what might otherwise seem to be an insurmountable threat – whether that threat manifested itself in the form of a lion hunting for food or some clever, deceptive individual trying to deprive others of critical resources. And so, the value in studying other organizations that have been hacked is that working collaboratively and then actively sharing and communicating what we find with others who may end up in similar circumstances creates an ‘aggregate defensive strength’ that can thwart even the most sophisticated and determined forms of attacks.
Brandan Mackowsky says
The value in studying other hacks that have occurred is really shown in the ability for one to look at the mistakes or shortfalls of others and really think “thankfully that wasn’t me.” The issue with ignoring the hacks of the other organizations is that by not learning from the mistakes of others, that next hack really can affect anyone. The benefits of studying other hacks as they occur are really useful in the planning of the hack to attack the home organization. In anticipating some type of attack, proper preparation can be made, regardless if the event occurs or not, to prevent any compromise of the organizational systems and information. Looking at other hacks that have occurred allows an organization to prepare and prevent an entrance for the hacker, secure and limit access to the data that hackers seek, and ensure system access is limited and systems remain up and running.