From health care companies to credit agencies and telecommunication firms, hackers didn’t hold back in 2017. With no simple solution to hacking on the horizon, it’s a safe bet that 2018 will come with its own share of data breaches, compromises and concerns.
Short of pulling the plug and living in the dark, how can companies protect their data and beat hackers at their own game?
It’s all in your head.
Key Characteristics To Thinking Like A Hacker
Here’s the bottom line: IT security fails because it’s often designed to combat logical, organized threats that follow set rules. But hackers don’t work this way. They center their efforts around finding ways to exploit the most prevalent vulnerability – human error. They count on the difficulty of developing secure code and unrealistic expectations of protecting the exponential growth of endpoints. The solution? To defeat a hacker, companies need to think like a hacker.
Not sure what that looks like? Start here:
- Patient — As noted by cybersecurity blog Linux, hackers are patient. They take the time to learn how systems work, evaluate potential weak spots, and design attack methods that are slow and low – distributing the attack volume, frequency, and time of day to avoid detection.
- Persistent — Hacks don’t always go as planned, but one brush-off won’t deter hackers. They’ll go through thousands of attempts to exploit a new vulnerability before moving on to the next tactic.
- Unpredictable — Hackers may skip obvious avenues for side-access attacks that provide more leverage downstream, incorporate multiple tactics like social engineering for more complicated attack methods, or opt for brute-force measures where subtle attempts would be more effective.
- Not picky — If something works, hackers use it. This means they’ll opt for existing hacker kits or tools that are available online rather than starting from scratch.
Hacker Mind Meld
How do you get staff thinking like a hacker instead of stuck in a security rut? Think about why the hacker is interested in attacking your company and protect those assets from all angles. For most companies, the most important assets sit within the application. If you’re wondering what this looks like for your organization, here are 4 simple ways you can think like a hacker.
- Talk, talk, talk — According to Harvard Business Review, it’s critical for staff to communicate about potential security issues and data breaches. Hackers aren’t shy about sharing data to get the job done; collaboration here helps drive a security culture shift.
- Soup up the sim — Want better results from hacking simulations? Cybersecurity news site Dark Reading recommends using a real production environment. Why? Because network security threats are unpredictable and always changing — security staff can’t rely on the confines of a bounded test environment.
- Look everywhere — Try everything. Doesn’t look like a potential access point? Test it anyway. Seems like a secure login system? Try to break it. Hackers assume that everything is breakable; so should you.
- Never stay still — The best security is always evolving. Once hackers discover one attack avenue has closed, they open another. Consider the rise of fileless malware and IoT compromise. This means you need real-time security data about what’s happening across your applications, what risk these actions represent, and what steps you can take to improve network security.
Want better defenses? Toss the white hat and start thinking like a hacker.