Companies of all sizes are losing millions of dollars each year to cyber criminals, according to a study by Ponemon Institute (http://www.informationweek.com/security/management/cybercrime-costs-skyrocket/240162379) which found that the average cost of cybercrime is $11.6M/year, up $2.6M from 2012. Unless something is done to deter criminals, this trend will continue to rise.
There has been talk of allowing companies to take matters into their own hands and hack back against perpetrators to regain what was stolen from them. Police aren’t equipped to deal with the sheer amount of cybercrime, so should companies be allowed to take matters into their own hands? We’ve seen a few high profile arrests, but these only reflect a small dent towards solving the problem. On the other hand, we don’t condone vigilantes breaking into houses to regain stolen goods, and hacking back is essentially the same thing. If law enforcement began allowing organizations to “hack back,” an argument could be made that breaking into a physical structure to take back stolen goods should be legal as well. Retaliatory crimes are a slippery slope.
The question is not only should it be legal, but is it even worthwhile for an organization to try it?
Here are a few pros and cons:
1. Gives organizations the ability to potentially stop cyber-attacks as they happen, whereas waiting for a response from police would most likely be too late and result in data being successfully stolen.
2. Shows attackers that we aren’t sitting ducks, possibly deterring further crime.
1. Could become a game to attackers, resulting in further and more destructive attempts.
2. Would take time and effort, and there’s no guarantee of a successful mission.
What are your thoughts?