Cybersecurity is often an elaborate medieval fortress, with firewalls and passwords and other types of static defenses that keep the criminals at bay by simply not allowing them inside a computer system. Although this is how cybersecurity was done for decades, it simply doesn’t work anymore, and I’m going to tell you why it doesn’t work and what people have been doing instead.
First, passive defense, such as filtering spam emails, filtering inbound network traffic, and properly configuring access controls, is difficult to get right all the time. To stave off all attacks, they must be adequately implemented 100% of the time. However, that is simply too high of a standard for most companies to uphold.
While defenders need their passive defenses working all the time, an attacker only has to be right one time. They have to find that one vulnerability and your defenses come crashing down like a house of cards.
Secondly, the passive defense doesn’t work well against certain kinds of attacks, which is the best example of phishing. Phishing, rather than a technology-based attack, instead attacks the emotions.
Active defense involves doing more to prevent these attackers, a common method being leaving honeypots. Honeypots are fake servers filled with fake assets or credentials that are strategically placed to lure hackers in. Since you know that no one uses that honeypot server for anything legitimate if you get any alerts from the honeypot you know that an attacker is lurking. This is just one form of active defense, there are many more ways to practice active defense out there. And let me clarify that active defense is not hacking back, where people will try to get their stolen information back by attacking the offender. Hacking back often hurts other victims and not the attacker and can land you in trouble with the law.
For example, attackers can use computers belonging to large companies to steal your information, then store it on servers in those companies. So, if you go to retrieve your files and cause damage on the way you would not be damaging the attacker but instead, a person that had no idea their computer was being used to steal your information.
In conclusion, passive defense and hacking back lay on opposite sides of a spectrum. Active defense lays somewhere in the middle and is the most effective way to protect your sensitive information in the modern-day. That’s all I wanted to talk about for this short topic, I’ll see you all next time.