Do organizations have the right to protect themselves and try to retrieve stolen data? Here’s what you should know about “hacking back”

It’s hard to turn on the news these days without hearing a story about another business whose data has been compromised by hackers. While large multinational companies used to being the prime targets, today most businesses of any size can easily fall victim to some type of online attack.

While in the past most organizations took a reactive approach to dealing with cyber-attacks, now some are attempting to retrieve stolen data in what’s being dubbed, “hacking back.”

What is hacking back?

Hacking back is a way that organizations are going on the offensive/defensive when it comes to attempting to retrieve stolen data from hackers. One idea organizations use to trick hackers is to offer up a fake set of sensitive data and then track the movement of it to catch the cyber criminals. Another example of a hacking back strategy uses what is known as “active defense” to attempt to steal back whatever data was stolen in the first place.

Dangers of implementing a “hacking back” strategy

Going on the offensive against sophisticated cyber criminals can be an extremely complicated endeavor, fraught with potential consequences. Most cyber security experts advise against implementing a hacking back strategy for a number of reasons, a few of which we’ll go into below.

You may not know who attacked your organization

Determining who is actually attacking an organization can be incredibly difficult. Take the Sony Pictures hack, where the FBI claims the attack came from North Korea. There are a number of cyber security experts who refute this assessment. If you’re unsure of who is at fault for a cyber-attack, and target the wrong person or organization, you’ll likely not get much sympathy if you’re wrong.

It doesn’t solve the problem

If your organization decides to get back at a cybercriminal by hacking back, what are you really accomplishing? Do you think you’re solving the problem? The reality is that your organization will likely still be vulnerable, maybe even more so, if you decide to participate in these practices.

It’s illegal

In the same way that the practice of stealing your company data is illegal, going on the offensive and accessing a system that does not belong to you is also against the law, even with the best of intentions. While you may assume that law enforcement will be more lenient because you’ve been the victim of cybercrime, this may not be the case.

How to protect against cybercrime?

Rather than hacking back, why not put the necessary mechanisms in place to reduce the chances of your company data being compromised in the first place? Instead of investing significant resources into trying to get back at cyber criminals, focus that energy on shoring up your security mechanisms. Chances are, you’ll end up with a more robust defense strategy, and will be able to sleep better at night knowing that you haven’t created a fire storm by trying to get back at cybercriminals.

If you’re looking to implement security protocols that will deter hackers from accessing your valuable data, contact CloudHesive today. Our team of experts can help institute your best defense in today’s cloud computing environment.