Cyber attribution poses a dilemma for security teams, many of which are already time-strapped and short-staffed. Is it really time well spent trying to identify the attackers? Or is it a distraction from getting on with the improvements needed to reduce the likelihood of another breach?
The process behind cyber attribution is usually complex, lengthy, resource-hungry, and prone to inaccuracy. It involves security analysts gathering evidence, constructing timelines, piecing together the events that led to a breach, and painstakingly reviewing the tactics, techniques, and procedures used by the adversary in an attempt to uncover the organization or individuals behind it.