What’s the value in attack attribution?
For those who pursue forensic analysis with the hope of identifying and prosecuting an attacker, they likely will find that the time spent on attack attribution is fruitless.
If, however, they are looking to use what they gain through attack attribution to inform their overall security procedures from prevention to response, the effort yields valuable results.
Many experts in the industry have questioned whether there is any value to attribution. SafeBreach CTO & co-founder Itzik Kotler said, “The only interesting aspect in attribution itself is to classify and put information in a box and use it over and over again.”
Kolter offered a hypothetical in which right now CNN gets hacked by the Chinese. “That someone can or cannot attribute it to the Chinese doesn’t matter. It does matter if we can say we think this is from China,” Kolter said.