- Published: September 14, 2022
- Updated: September 14, 2022
- University / College: University of Southampton
- Language: English
- Downloads: 16
An asymmetric threat is defined in military terms to refer to strategies and tactics that are utilized by a weaker opponent to take advantage of the vulnerabilities in the stronger opponents. For example inferior military that cannot face the US military in open combat employ strategies that render the US military might irrelevant. In terms of business operations and information security, it refers to an attack initiated by an adversary towards a business entity. Asymmetric threats are characterized by three scenarios: it must involve a tactic, strategy or exploit that an adversary could utilize against an organization. Second, it must include a tactic or exploit that the organization is not able to use against the adversary and finally, it must involve an exploit, strategy and tactic which if not countered could lead to serious consequences.
Asymmetric attacks can be prevented by employing comprehensive risk mitigation strategies. The use of conventional technology based controls is ineffective because it involve the pooling of massive resources that greatly outpace those of adversaries. An SQL Injection attack can be initialized within a few seconds of typing on the keyboard while the company protecting against SQL Injection attacks must use millions of money to purchase web applications.
Attacks such as denial of service can be prevented through implementation of security measures such as disabling unneeded networks, enabling quota systems, use of redundant and fault-tolerant network configurations as well as appropriate password policies.
Organizations face the problem of defending against constant asymmetric attacks based on past attacks. However asymmetric attackers are increasingly creative and motivated and change their ways often. Therefore, the defensive mechanism is limited and ineffective. Constant training of the security personnel is crucial as well as development of sound response mechanisms in addition to conventional security apparatus.
References
Brian Caswell, J. B. (2008). Snort 2. 1 Intrusion Detection, Second Edition. Syngress.
Kramer, F. S. (2009). Cyberpower and national security. Springer.
Nye, J. S. (2008, Decenber). Cyber insecurity. Project Sindicate .
