Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

7/26/2012
12:06 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Black Hat Survey: 36% Of Information Security Professionals Have Engaged In Retaliatory Hacking

Some IS pros believe retaliatory attacks may discourage further attacks, according to nCircle

LAS VEGAS, NV – July 26, 2012 – Black Hat USA 2012, Booth 628 –nCircle, the leader in information risk and security performance management solutions, today announced the results of a survey of 181 attendees of the Black Hat USA 2012 security conference in Las Vegas, Nevada.

When asked “Have you ever engaged in retaliatory hacking?” 64% said “never”, 23% said “once”, and 13% said “frequently”.

Click here for more of Dark Reading's Black Hat articles.

The information security community is divided on the practice of retaliatory hacking. Some information security professionals believe retaliatory attacks may discourage further attacks, while others believe these attacks are only likely to escalate hostilities, and increased attacks have the potential to do irreparable damage.

“Retaliatory hacking is a huge topic at Black Hat this year, but we should take these survey results with a grain of salt,” said Tim ‘TK’ Keanini, CTO for nCircle. “It’s safe to assume some respondents don’t want to admit they use retaliatory tactics. It’s very tempting to strike back out of anger and frustration. However, as infuriating as cyber criminals can be, this ‘eye for an eye’ code of justice can be extremely dangerous.

Keanini added: “There’s a huge difference between a security expert who can qualify attackers and apply appropriate responses and a neophyte who reacts blindly. The best strategy for most companies is to forget retaliation and concentrate on improving their defenses.”

For more information about nCircle, please visit www.ncircle.com.

About nCircle

nCircle is the leading provider of information risk and security performance management solutions to more than 6,500 businesses and government agencies worldwide. nCircle solutions enable enterprises of all sizes to (1) automate compliance and reduce risk, and (2) measure and compare the performance of their IT security program with their own goals and industry peers. nCircle solutions may be deployed on a customer’s premises, as a cloud-based service, or in combination, for maximum flexibility and value.

nCircle has won numerous awards for growth, innovation, customer satisfaction and technology leadership and has been ranked among the top 100 best places to work in the San Francisco Bay Area. nCircle is headquartered in San Francisco, CA, with regional offices throughout the United States and in London and Toronto. To learn how you can more effectively protect your company visit us at http://www.ncircle.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20620
PUBLISHED: 2021-01-28
Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
CVE-2021-20621
PUBLISHED: 2021-01-28
Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2021-20622
PUBLISHED: 2021-01-28
Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
CVE-2020-5626
PUBLISHED: 2021-01-28
Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file.
CVE-2021-3142
PUBLISHED: 2021-01-28
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35128. Reason: This candidate is a reservation duplicate of CVE-2020-35128. Notes: All CVE users should reference CVE-2020-35128 instead of this candidate. All references and descriptions in this candidate have been removed to preve...