Attackers are thinking outside the box

How to predict what the next attack will look like

In the adversarial environment of information security, new types of attacks emerge constantly. Just recently, a very highly targeted phishing attack against CEOs used the pretext of a federal grand jury subpoena to lure executives to a site hosting malware. Let's face it: Most of the innovation in this industry is on the other side, the "dark" side. We are unfortunately forced to keep reacting to new ingenious attacks every few years.

In our efforts to secure our organizations, how do we predict what the next attack will look like? All too often, the focus is on matching defenses to specific types of attacks -- the Anti-X approach. When instead attack "Y" comes along, we don't question our strategy, we simply add Anti-Y to our purchasing list.

The attempt to predict classes of attacks, aka the Anti-X strategy, is always reactive and highly susceptible to the asymmetric nature of security. Namely, following the Anti-X strategy, we have to correctly predict all types of attack, while attackers have to only invent one attack that is "unexpected." This asymmetric struggle means enormous corporate expenditure for those defending security and only a small amount of innovation on the attacker's side. If you've been in this industry for a while, you're probably used to feeling awed by the sheer ingenuity and breadth of attacks that cybercriminals can dream up.

The basic problem with a strategy of threat prediction is this asymmetry. Imagine an abstract attack surface -- a two-dimensional space where each point is a possible attack. If you consider technology hacking and social engineering attacks, the attack space stretches out to infinity in all directions. It is only constrained by human imagination, so not really constrained at all! Now imagine all of the known or expected threats that you can predict as the surface bounded by a square. This is the security specialist, trying to predict attacks by thinking inside the box. No matter how imaginative the security professional and how large the organization's budget, the "box" is finite. It takes enormous effort and expense to define an area broad enough to even cover most of the known threats, as is evident by the hundreds of small, specialized vendors in our industry. But all an attacker has to do is take a small step outside the box. Even a small variation of an existing attack can stump security controls that are focused on the known and on the predicted. In the Anti-X strategy, we always have a finite and known box, and outside that box the attacker has an infinite space for innovation.

Note that I'm not claiming that we can't successfully predict and defend against some attacks. Only that we can't predict and defend against all attacks, especially when our actions are known and the attackers just have to step outside the realm of our prediction. Next time, I'll be looking at a strategy to overcome this problem -- namely how generic security preparedness trumps specific threat prediction.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Andreas M. Antonopoulos

Network World
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?