Cyber-attackers know there are high rewards and low consequences for their actions. Corporations, frustrated by these attacks, are conducting vigilante style counter-attacks called strikebacks and hackbacks. As one corporate representative said “It felt good to make them suffer”. Seeking revenge is not the answer. Instead, it is time to challenge the cybersecurity status quo of defending our data/information assets and adopt a more aggressive cybersecurity posture.
- What would it take to legalize strikebacks and hackbacks?
- What would the amended legislation (privacy, criminal code, and corporate liability) look like?
- What directions do we provide to corporations?
- What is a reasonable level of harm and consequences imposed cyberattacker’s network and physical assets?
- What are the privacy challenges?
These are the questions we will explore.