BSides Cape Town

Impose Cost: Our defences eventually fail and we need to take the fight to the criminals
12-02, 09:45–10:30 (Africa/Johannesburg), Track 1

The best defence is a good offence - except in cybersecurity, where we send people to the battlefield with armour and radios. The most active that defence gets is evicting attackers from their network. We've leaned so hard into defence as an industry that we're lying on the floor, and it's time to look up. But how can we take the fight to the criminals without crossing legal and ethical boundaries?


Cybersecurity is all defence. In the history of competitive endeavours, from sports to wars, nobody has ever won by playing defence alone. Over the years there have been several defensive models people use to prioritise scarce expertise across complex systems, and while they all buy us something, no defence is perfect and the approaches eventually fail us. How do we stop the incessant focus on building and maintaining higher walls while attackers just reuse the same ladders? Address the problem at its root - in security the best defence isn't a good offence, it's a good arrest. What can we do as an industry to better support and enable law enforcement in identifying, linking, gathering evidence on, and successfully prosecuting the groups behind the cybercrime? Because when we do - the results are often a dramatic decrease in attacks. While I don't have all the answers, there are enough examples to show us ways it could work. The challenge then is: how do we embed them into our security strategies in the future?

singe on twitter & chaos.social
