Black Hat: Former FBI chief urges firms to take strategic approach to cyber threats

LAS VEGAS: Security experts are calling on businesses to be more aggressive in protecting their networks against cyber attacks.

Speaking at the 2012 Black Hat conference in Las Vegas, former FBI executive assistant director Shawn Henry told delegates that firms can no longer approach security as a matter of protecting the network perimeter and should instead focus on strategically reacting to intrusions and isolating data.

Henry likened the issue to what the US government faced in the wake of the 9/11 attacks. At the time, government agencies were forced to move from a focus on specific cases to strategically protecting against a broad range of possible threats and scenarios.

"We need to have a paradigm shift in the way we all do business," Henry said, "you have got to assume the adversary is on the network."

Henry said that firms should adopt a more strategic approach in addressing attacks, isolating sensitive data during strategic business periods and moving data from key locations when a possible breach is spotted.

Additionally, experts believe that firms should be proactive in protecting systems and bringing the fight to hackers. BlackHat founder Jeff Moss suggested that security groups become more aggressive in their pursuit of cybercriminals.

"Maybe we need some white blood cells out there," Moss suggested, "some companies that are willing to push the edge and see what is possible in focusing on the individual out there rather than focusing on the bots."

Henry, however, advocated a less aggressive approach. Rather, he believes firms can thwart attacks by maximising the effort needed to breach a network and minimising the potential reward for attackers.

"I am not talking about actively hacking back against other computers and other organisations," he said.

"We can be proactive on the network, there is a lot that we can do to create a hostile environment for the hacker to operate in."