David Mortman, an analyst with the security research and analyst firm Securosis, says -- while not outright offensive retaliatory actions -- there are steps enterprises can take to be more proactive. "It's critical to your threat modeling efforts that you understand your enemy," Mortman says. "That can include installing honeypots and honeynets, and hiring third-party intelligence services. A lot can be said for these types of activities."
Another step forward, Mortman recommends, is joining the Forum of Incident Response and Security Teams (FIRST), or similar organizations. "The biggest and most immediate benefit are the contacts you will make. Should something happen, you know who to call," he says. "Maintaining those contacts with peers and friendly competitors is an excellent way to stay abreast of attack trends. Chances are, if attackers are targeting your competition they are already, or soon will be, targeting you."
However, Mark Rasch, director of cybersecurity and privacy consulting at CSC, warns that there could be significant legal repercussions for organizations that not only go on the offensive and get it wrong -- but also those that take seemingly timid steps, such as operating a honeynet.
"It's easy to get into legal and policy hot water," says Rasch. "A simple example would be if your privacy or website policy state that your organization doesn't collect information about visitors or customers, and then you set up a honeypot," he says. "That's a problem right there."
Sign up for Computerworld eNewsletters.