For Greater Security, Hack Yourself

Cybersecurity forecasts predict more and stronger attacks on corporate and bank technology systems. One treatment: Inoculate by intentionally attacking your own system to find weaknesses before hackers do.

If cybersecurity forecasts pan out, industrial control systems soon will face heightened attacks from more directions than previously. London-based Control Risks projects a37% increase in the severity of cyberattacks on these systems this year over last year.

It predicts attackers will increasingly focus on manipulating data, rather than confidentiality or access, and that 45 nations will be actively cyberhacking by the end of this year.

That helps explain the growth of “vulnerability research,” a cybersecurity tool that studies the company side of a firewall, explains Oliver Fairbank, analyst with Control Risks’ Cyber Threat Intelligence Team. Threat intelligence, by contrast, looks outside the firewall. With proprietary software, an employee or third party under company auspices does the research. With nonproprietary software, the vendor addresses vulnerability. “That is their responsibility—or more likely to be theirs—to provide that research,” Fairbank says.

The objective is to ferret out flaws ahead of hackers. Identification of flaws—and there is some controversy around revealing them—is usually followed by a proof of concept ‘attacking’ the system to demonstrate its vulnerability, and patches to protect it.