One of my favorite Western films is John Sturges’ The Magnificent Seven. It tells the story of a poor Mexican village regularly raided for food and supplies by local banditos. The men of the village reluctantly tolerate these incursions until a bandit kills one of them in the latest raid. Deciding to fight back, they set out to buy some guns before the next raid.
Along the way they meet up with Yul Brynner’s character, a veteran gunslinger, who convinces them to spend what they have on hired help instead of weapons, because, as he puts it, “Men are cheaper than guns.” What follows is an excellent portrayal of human nature with all its sometimes unavoidable shortcomings and inherent nobility.
Although 57 years old, the film has an applicable lesson for today’s cybersecurity practitioners, one that bullies know well: If you tolerate bad behavior, you will get more of it.
Taking the fight to hackers
In today’s high-tech environment, the bandits are hackers and the food and supplies that they plunder are networks and data caches. Experts say, and most of us accept, that it is only a matter of time before we will all be hacked. Sadly, when it comes to protecting data, many organizations do little more than rely on basic cybersecurity practices, try to maintain a low profile, and hope for the best.
Such an approach to cybersecurity is unwise. The potential damage from a data breach can be devastating to economic engines large and small, and even lead to loss of life. Last year, Russia-based hackers breached the networks of 100 nuclear and power plants worldwide. In 2015 and 2016, these same hackers managed to shut down power plants in Ukraine, resulting in a loss of electrical power for millions of people.
Even in technologically advanced countries like the United States, intrusions into our power grid occur with disturbing frequency. In July, the FBI and the Department of Homeland Security jointly issued an industry advisory warning of unknown hackers targeting energy companies.
Thus far, most intrusions that security personnel have managed to detect and analyze were just gathering intelligence: diagrams, passwords, reports, and so forth. The real danger is that, with that kind of information, hackers could easily access the operational side of a facility and cause serious long-term service disruptions.
As the stakes of a data breach escalate, things are changing when it comes to cyber defense. In what many call the industry’s “open secret,” more organizations are hiring latter-day Old West gunfighters: hackers who not only defend networks, but intentionally strike back against bad actors.
The process is called “hacking back,” and it is exactly what it sounds like. Hired-gun hackers deliberately go after an attacker’s computers and networks to identify the attacker, find or destroy stolen data and, in a growing number of instances, wreak havoc on the attacker by causing disruptions or full-blown damage to servers and networks.
Companies that engage in this brand of cyber pushback are understandably reluctant to admit to “letting slip the hounds of war.” It’s just good business to be wary of poking the digital hornets’ nests from which hackers sally forth. In many unpublicized instances, however, they are doing just that.