When Companies Get Hacked, Should They Be Allowed to Hack Back?
There is an old debate (at least, counting in internet years) that tends to crop up after major cybersecurity breaches such as the widespread WannaCry ransomware attack in May. In the aftermath of such incidents, some decry the sorry state of cybersecurity and insist that if only tech firms, with their wealth of resources and technical expertise, were allowed to go after the perpetrators of these attacks, they would do a much better job of stopping the damage and deterring other perpetrators than the slow, plodding, over-worked, under-resourced, jurisdiction-bound law-enforcement agencies.
Which raises a question: Beyond the standard set of protective tools—encryption, firewalls, anti-virus software, intrusion-detection systems, two-factor authentication—should companies be allowed to go outside the boundaries of their own networks and crash the servers that are attacking them, or delete data that has been stolen from them off their adversaries’ machines? The answer of most companies and cybersecurity experts
You’re reading a preview, subscribe to read more.
Start your free 30 days