I'm the first to speak up and say that not every organization should be spending resources looking outside its walls, but when you do have a reason to do so, this is a great approach! You profile your attackers (and maybe actually enable staff to think like them!), you try to find breached data before someone else tells you about it, and you learn cutting edge tools and techniques (the meta-hacking game).
I love the idea of security talent in multiple organizations collaborating. There's very little reason not to, despite the political machinations and misgivings that trickle into a business through the competitive sales channels and executive teams. Maybe someday there can be a market for industry-specialist security firms that rent out their services to similar companies. This is like a more targeted and thus much more intelligent version of a generic MSSP!
I also love the idea of reversing one's own malware, presumably found in the wild manually, through contacts, and via honeypot tools. What better way to get used to doing something like that *before* a dropdead emergency!
The only scary long-term result? My ye old Shadowrun example where corporate digital espionage runs rampant! :) I don't have a whole lot of faith in people, but I do have a decent amount of faith in the security industry to generally be good, respectful, and helpful to peers.
0 comments:
Post a Comment