Think like a hacker. It seems so obvious, but you might be surprised to hear that most cyber security professionals were taught to think about cyber security from a defensive standpoint. How to protect against a hacker’s attack versus asking the question, if I were a hacker how would I penetrate this network? Today, more than 90% of cyber technology expense is directed towards defense technology. The challenge is that current defensive tools are not flexible or dynamic enough to evolve and align with advancing hacking techniques.

I’ve spent my most recent professional career in cyber security beginning with an expansive career in the military, where I primarily led a classified cyber warfare group. In this capacity, I came to understand many aspects of cyber security that I later applied while establishing my cyber security start-up Pcysys.

Here are my top 3 tips that are paramount to keeping your organization secure and they all center around thinking like a hacker:

Tip 1: Think Like A Hacker. Always

This is the number 1 consideration. You must always think like a hacker when you are making decisions about your cyber defense. I thought about this in particular when hiring my cyber defense team.

During my time in the military, I was tapped to lead a cyber warfare group in the Israeli Defence Forces. The main objective of this unit was to test our network infrastructure to see how vulnerable our systems were to hacker attacks. My first order of business was to hire a team. I interviewed countless candidates with stellar backgrounds in computer science. I dismissed many of them. The hackers that wanted to penetrate our systems were relentless, skilled and bad-intentioned professionals, and I needed people that could think just like them and act just like they did. In short, I needed to hire a team that knew how to incorporate a hacker’s perspective; that could essentially be the hacker – a person that wouldn’t eat or sleep until they penetrated our own network. Knowing how we could attack our own systems would give us far more information to help us defend ourselves than merely fortifying our security defenses. I would encourage every company to have one member of their cybersecurity team whose dedicated roll is opposition focused and that person should possess a rebel mindset.

Being aware of how a hacker thinks and acts will keep you on the offense. And offense is always the best defense.

Tip 2: Validate Your Network Frequently

The persistent nature of hacker attacks combined with today’s advanced exploitation techniques are such that they give hackers the ability to take advantage of vulnerabilities at any opportune time. This makes it nearly impossible to protect your organization using traditional cyber security methods.

We estimate that 80% of cyber defense will be automated in the coming years and it’s important for an organization to incorporate intelligent, machine-based defensive software that operates 24/7. The ability to perform, for example, machine-based penetration testing that continuously thinks and acts as hackers do, is the best way to make sure that businesses have their cyber defense line as tight and strong as possible.

Tip 3: Protect Yourself On The Inside

One of the main pillars of a comprehensive cyber security strategy is to build up and strengthen your defensive walls (firewalls, WAFs etc.) to keep hackers from getting in, but what many people in cyber security don’t realize is that most attackers are already inside. To protect your company’s crown jewels, you need to strengthen your security systems from within to prevent irreversible harm. If you follow some practical advice you can greatly reduce the likelihood of an attack:

1/ Least Privileges. By granting least privileges to users based on their required scope of work, you can limit a users ability to access your company’s crown jewels.

2/ Strong Passwords. Maintain a strong password policy. Passwords should be long, complex and non-trivial.

3/ Monitor and Challenge. Monitor and challenge your network on an ongoing basis. Doing this will give you an accurate read of your “security status” and be able to find out where are your critical vulnerabilities are.

To find out more about Pcysys please just click on the link below:

https://click26.co.uk/PCYSYS/

By Arik Liberzon Founder and CTO Pcysys

Is It A Cyber-Attack Or An Act Of War?

Is It A Cyber-Attack Or An Act Of War?

Zurich refuses to foot NotPetya ransomware clean-up bill – and claims it's 'an act of war'. Snack company client disagrees, sues for $100mUS snack food giant Mondelez is suing its insurance company for $100m after its claim for cleaning up a massive NotPetya...

One Pen Test Is Worth A Hundred Vulnerability Scans.

One Pen Test Is Worth A Hundred Vulnerability Scans.

I have a friend who manages a large financial investment company based in NJ and each year, sometimes twice a year, he brings in a team of pen testers to run a test and check the box for security regulations. When I told him that my company automated pen testing (PT)...

How To Identify A Phishing Email – 5 Simple Steps

How To Identify A Phishing Email – 5 Simple Steps

You’ve received an email. As no phishing filter can keep out 100% of all phishing attacks, there’s a chance the email could be malicious – no matter what it looks like. How do you check whether or not the email is a phishing attack? Step 1: Is the email expected? When...

Click 26

Registered office:

Wellesley House
204 London Road
Waterlooville
Hampshire
PO7 7AN
Company Registration: 07108413

VAT Number: GB183595274

 

 

© 2018 Click 26 Ltd.

Contact:

team@click26.co.uk

+44 (0)3300 417126

Legals:

Office address:

The Gatehouse
Marsh Farm
Milford
Surrey
GU8 5AE