Experts say hacker traps might be better than walls
Published 9:26 am Tuesday, February 10, 2015
SEOUL, South Korea — Ever since the Internet blossomed in the 1990s, cybersecurity was built on the idea that computers could be protected by a digital quarantine. Now, as hackers routinely overwhelm such defenses, experts say cybersecurity is beyond due an overhaul.
Their message: Neutralize attackers once they’re inside networks rather than fixating on trying to keep them out.
First they need to convince a conservative business world to gamble on a different approach. And having sold generations of defensive systems that consistently lagged the capabilities of the most advanced hackers, the industry itself must overcome skepticism it’s flogging another illusion of security.
According to U.S. cybersecurity company FireEye, 229 days is the median length of time attackers lurk inside their victim’s computers before being detected or revealing themselves, underscoring the weakness of conventional tools in identifying sophisticated intruders.
The traditional defenses must “have a description of the bad guys before they can help you find them,” said Dave Merkel, chief technology officer at FireEye Inc. “That’s just old and outmoded. And just doesn’t work anymore,” he said.
“There’s no way to guarantee that you never are the victim of cyberattack.”
Merkel said in the worst case he knows of, attackers hid themselves for years.
Experts aren’t recommending organizations stop deploying perimeter defenses such as antivirus software or firewalls that weed out vanilla threats. But they say a strategy that could be likened to laying traps is needed to counter the sophisticated hacks that can cause huge losses.
The weakness of relying on a firewall is that it’s like building a fence around a housing complex but not hiring a guard to patrol the interior streets, said Ed Amoroso, chief security officer at AT&T.
The hackers who targeted Anthem, the second biggest U.S. health insurer, and accessed personal information of 80 million customers, may have been inside its system for more than a month before being detected, according to the company.
In the famous Sony Pictures hack, the attackers who breached the Hollywood studio’s network went unnoticed until computers were paralyzed and a mountain of data was dumped on the Internet.