Think like a hacker. It seems so obvious, but you might be surprised to hear that most cyber security professionals were taught to think about cyber security from a defensive standpoint. How to protect against a hacker’s attack versus asking the question, if I were a hacker how would I penetrate this network? Today, more than 90% of cyber technology expense is directed towards defense technology. The challenge is that current defensive tools are not flexible or dynamic enough to evolve and align with advancing hacking techniques.
I’ve spent my most recent professional career in cyber security beginning with an expansive career in the military, where I primarily led a classified cyber warfare group. In this capacity, I came to understand many aspects of cyber security that I later applied while establishing my cyber security start-up Pcysys.
Here are my top 3 tips that are paramount to keeping your organization secure and they all center around thinking like a hacker:
Tip 1: Think Like A Hacker. Always
This is the number 1 consideration. You must always think like a hacker when you are making decisions about your cyber defense. I thought about this in particular when hiring my cyber defense team.
During my time in the military, I was tapped to lead a cyber warfare group in the Israeli Defence Forces. The main objective of this unit was to test our network infrastructure to see how vulnerable our systems were to hacker attacks. My first order of business was to hire a team. I interviewed countless candidates with stellar backgrounds in computer science. I dismissed many of them. The hackers that wanted to penetrate our systems were relentless, skilled and bad-intentioned professionals, and I needed people that could think just like them and act just like they did. In short, I needed to hire a team that knew how to incorporate a hacker’s perspective; that could essentially be the hacker – a person that wouldn’t eat or sleep until they penetrated our own network. Knowing how we could attack our own systems would give us far more information to help us defend ourselves than merely fortifying our security defenses. I would encourage every company to have one member of their cybersecurity team whose dedicated roll is opposition focused and that person should possess a rebel mindset.
Being aware of how a hacker thinks and acts will keep you on the offense. And offense is always the best defense.
Tip 2: Validate Your Network Frequently
The persistent nature of hacker attacks combined with today’s advanced exploitation techniques are such that they give hackers the ability to take advantage of vulnerabilities at any opportune time. This makes it nearly impossible to protect your organization using traditional cyber security methods.
We estimate that 80% of cyber defense will be automated in the coming years and it’s important for an organization to incorporate intelligent, machine-based defensive software that operates 24/7. The ability to perform, for example, machine-based penetration testing that continuously thinks and acts as hackers do, is the best way to make sure that businesses have their cyber defense line as tight and strong as possible.
Tip 3: Protect Yourself On The Inside
One of the main pillars of a comprehensive cyber security strategy is to build up and strengthen your defensive walls (firewalls, WAFs etc.) to keep hackers from getting in, but what many people in cyber security don’t realize is that most attackers are already inside. To protect your company’s crown jewels, you need to strengthen your security systems from within to prevent irreversible harm. If you follow some practical advice you can greatly reduce the likelihood of an attack:
1/ Least Privileges. By granting least privileges to users based on their required scope of work, you can limit a users ability to access your company’s crown jewels.
2/ Strong Passwords. Maintain a strong password policy. Passwords should be long, complex and non-trivial.
3/ Monitor and Challenge. Monitor and challenge your network on an ongoing basis. Doing this will give you an accurate read of your “security status” and be able to find out where are your critical vulnerabilities are.
To find out more about Pcysys please just click on the link below:
By Arik Liberzon Founder and CTO Pcysys
Zurich refuses to foot NotPetya ransomware clean-up bill – and claims it's 'an act of war'. Snack company client disagrees, sues for $100mUS snack food giant Mondelez is suing its insurance company for $100m after its claim for cleaning up a massive NotPetya...
I have a friend who manages a large financial investment company based in NJ and each year, sometimes twice a year, he brings in a team of pen testers to run a test and check the box for security regulations. When I told him that my company automated pen testing (PT)...
You’ve received an email. As no phishing filter can keep out 100% of all phishing attacks, there’s a chance the email could be malicious – no matter what it looks like. How do you check whether or not the email is a phishing attack? Step 1: Is the email expected? When...
Having trouble getting senior management to buy-in to your security recommendations? Try these essential tips. One of the most often heard complaints among IT and network admins concerns how to convince senior management of the importance of a robust and comprehensive...
204 London Road
Company Registration: 07108413
VAT Number: GB183595274
© 2018 Click 26 Ltd.