Hacking Back: Playing with Fire
- Date: June 27, 2018
- Author(s):
- Sean Sposito
- Report Details: 20 pages, 11 graphics
- Research Topic(s):
- Cybersecurity
- Fraud & Security
Overview
Despite warnings from academics, former intelligence community officials, and federal law enforcement, some security professionals at financial services companies harbor a willingness to attack their adversaries. Not necessarily to destroy outside infrastructure, but more likely to identify adversaries, surveil criminal activities, and disrupt threats to their businesses.
Such activities, which are legally ambiguous and ill-defined, at best, aren’t conducted in a vacuum. They’re not even a first step. Ultimately, this and other types of activities are meant to degrade threats, while deceiving and denying bad actors before or as they carry out their crime
Regardless, there are significant risks associated with “hacking back,” including a persistent fear that unskilled vigilantes may act irresponsibly. In the worst cases, they may act as agents of foreign policy — potentially crossing a line, and accidentally escalating global tensions.
Key questions discussed in this report:
- What are some potential motives for practicing such activities?
- What are those FIs’ chief concerns in conducting such operations?
- What are some of the risks associated with such activities?
Companies Mentioned: Attivo Networks, CrowdStrike, Cymmetria, Fidelis Cybersecurity, FireEye/Mandiant, TrapX Security, SANS Institute
Methodology
Javelin conducted a series of interviews involving industry executives, vendor executives, and other relevant stakeholders to gain an understanding of the topic. Interviewees represented a variety of organizations, including those contributing to public policy.
Data in this report is based on information collected in a random-sample panel of 800 information technology security decision-makers, 200 of whom work in financial services. For questions answered by all 800 survey respondents, the maximum margin of sampling error is ±3.46 percentage points at the 95% confidence level. For questions answered by all 200 financial services respondents, the maximum margin of sampling error is ±6.93 percentage points at the 95% confidence level. The maximum margin of sampling error is higher for questions answered by segments of respondent