Hacking Back: Playing with Fire
- Date: June 27, 2018
- Author(s):
- Sean Sposito
- Report Details: 20 pages, 11 graphics
- Research Topic(s):
- Cybersecurity
- Fraud & Security
Overview
Despite warnings from academics, former intelligence community officials, and federal law enforcement, some security professionals at financial services companies harbor a willingness to attack their adversaries. Not necessarily to destroy outside infrastructure, but more likely to identify adversaries, surveil criminal activities, and disrupt threats to their businesses.
Such activities, which are legally ambiguous and ill-defined at best, aren’t conducted in a vacuum. They’re not even a first step. Ultimately, this and other types of activities are meant to degrade threats, while deceiving and denying bad actors before or as they carry out their crime.
Regardless, there are significant risks associated with “hacking back,” including a persistent fear that unskilled vigilantes may act irresponsibly. In the worst cases, they may act as agents of foreign policy — potentially crossing a line, and accidentally escalating global tensions.
Key questions discussed in this report:
- What are some potential motives for practicing such activities?
- What are those FIs’ chief concerns in conducting such operations?
- What are some of the risks associated with such activities?
Companies Mentioned: Attivo Networks, CrowdStrike, Cymmetria, Fidelis Cybersecurity, FireEye/Mandiant, TrapX Security, SANS Institute
Methodology
Javelin conducted a series of interviews involving industry executives, vendor executives, and other relevant stakeholders to gain an understanding of the topic. Interviewees represented a variety of organizations, including those contributing to public policy.
Data in this report is based on information collected in a random-sample panel of 800 information technology security decision-makers, 200 of whom work in financial services. For questions answered by all 800 survey respondents, the maximum margin of sampling error is ±3.46 percentage points at the 95% confidence level. For questions answered by all 200 financial services respondents, the maximum margin of sampling error is ±6.93 percentage points at the 95% confidence level. The maximum margin of sampling error is higher for questions answered by segments of respondent