Companies and researchers are exploring ideas for addressing the problem, but until new solutions are found for defending against attacks, Henry and other experts say that learning to live with the threat, rather than trying to eradicate it, is the new normal. Just detecting attacks and mitigating against them is the best that many companies can hope to do.
“I don’t think we can win the battle,” Henry told Wired.com. “I think it’s going to be a constant battle, and it’s something we’re going to be in for a long time…. We have to manage the way we assess the risk and we have to change the way we do business on the network. That’s going to be a fundamental change that we’ve got to make in order for people to be better secure.”
In most cases, the hacker will be a pedestrian intruder who is simply looking to harvest usernames and passwords, steal banking credentials or hijack computers for a botnet to send spam.
These attackers can be easier to root out than focused adversaries — nation states, economic competitors and others — who are looking to steal intellectual property or maintain a strategic foothold in a network for later use, such as to conduct sabotage in conjunction with a military strike or in some other kind of political operation.