Identifying vs. Understanding Your AdversariesBy Mike Rothman
You read stories about badasses tracking down trolls and showing up at their houses, and you get fired up about attribution. The revenge gene is strong in humans and there is nothing like taking that Twitter gladiator out the woodshed for a little good old fashioned medieval treatment. Now, payback daydreams aside, Keith Gilbert asks a pretty important question about attribution. Do you really need to know exactly who the attacker is?
The question: Do you or your organization need to know the PERSON sitting behind the keyboard at the other end of the attack? I still believe that the answer, in most situations, is no. The exceptions I see are localized (physical tampering, skimming, etc) types of crime, or for organizations that are serious about prosecuting (which usually means a financial motivation) the perpetrator.
That’s right. It may make you feel better to know the perpetrator was brought to justice, but in most cases doing the work to pinpoint the person is well past the point of diminishing returns. That being said, though it’s not critical to identify the actual attacker, you need to understand the tactics and profile of the adversaries.
The idea is that knowing the tactics that the adversary is likely to use can be immensely valuable in prioritizing defenses and focusing employees. While understanding tactics is part of knowing your adversary, it also helps to understand the motivations behind your attackers. Why are you a target? What data are they going after (or prevent others from reaching)? How will they attempt to reach their goal? This is really no different than any other business intelligence function.
If you don’t have a clear profile of your adversaries, how can you figure out how to protect yourself? As long as you understand that the profile is dynamic (meaning the attackers are always changing) and that you’re using the intelligence to make educated guesses about the controls that will protect your environment, it’s all good.
Photo credit: “Caught red handed?” originally uploaded by Will Cowan