[BreachExchange] Think Like a Hacker to Secure Your Network

Audrey McNeil audrey at riskbasedsecurity.com
Fri Dec 30 13:50:22 EST 2016


http://www.hangthebankers.com/think-like-a-hacker-to-secure-your-network/

Business networks are attractive targets for hackers.

They’re a repository for valuable information, which could be customers’
personal data or proprietary information on products or services.

Hackers and cybercriminals have become a permanent fixture in the
enterprise technology landscape, but that doesn’t mean they have to destroy
your business network.

Beat them at their own game by thinking like a hacker to secure your
digital assets — read on to learn more.

The 2 Characteristics of a Hacker: Patience and Persistence

In order to think like a hacker, you have to understand the characteristics
that make them successful and enable them to carry out their crimes.

Hackers are similar to bank robbers. They actively investigate a company’s
network and defenses to determine where the weak spots are. It can take
time to complete a thorough investigation, but that’s why successful
hackers are patient.

They’re also persistent; hackers are aware it can take more than one try to
crack a firm’s security settings.

When considering a hacker’s traits, many cybersecurity professionals make
the mistake of spending too much time on what motivates a hacker. Hackers
attack targets for money, though they also breach networks for ideological
reasons. You might never find out what their motivation is, so focus on
their temperament.

What Breach Methods Will They Use?

In order to think like a hacker and better secure your network, you must
have a thorough understanding of the techniques and tools hackers use to
attack business networks.

While it might seem that hackers have an unlimited arsenal at their
disposal, it’s not the case. And that’s good news for you, because it makes
it easier to identify the tools and methods they use to breach networks.

For example, password crackers identify weak passwords that can let hackers
into your system. Remote administration tools give unauthorized parties
access to computers. Backdoor exploits take advantage of vulnerabilities
and enable hackers to infiltrate the network. Denial of Service (DoS)
attacks flood a system so that it can’t provide normal service and crashes.

What Do Hackers Want From Your Organization?

In The Art of War, Sun Tzu wrote, “If you know the enemy and know yourself,
you need not fear the result of a hundred battles.” What a Chinese
philosopher wrote centuries ago about armies at war is surprisingly
relevant for cybersecurity professionals today.

When it comes to network security, “knowing yourself” means being aware of
what hackers want from your business’ network. As mentioned earlier, the
most valuable digital asset any company possesses is data. Every
organization that stores information digitally is at risk. Just because
your company is small doesn’t mean that you’re not at risk.

We’ll use the Target data breach as an example. In November 2013, American
retail giant Target fell prey to a data breach. An investigation showed
that hackers were able to access the company’s networks because they stole
a third-party service provider’s credentials (in this case, it was an HVAC
company that monitored energy consumption and temperature inside of
stores). The HVAC services company was used as a stepping stone to a much
larger quarry.

What Can You Do to Protect Your Network?

Now that you know how to think like a hacker, how can you use this
knowledge to protect your business’ networks?

For a start, assess your vulnerabilities. Are there any points at which
hackers can easily access your network? What are the harder-to-find, but
not impossible to exploit, vulnerabilities? The next step is to tighten
your defenses to make it much more difficult for hackers to get what they
want out of your company.

Be aware of the possibility that you’ve already been hacked and you didn’t
know about it. Zero-day vulnerabilities (gaps in software that vendors
don’t realize are there) come out faster than firms can deal with them.
That’s why it’s equally important to have a mitigation plan in place that
reduces the disastrous effects of a hack.

Thinking like a hacker means you have to be vigilant around the clock.
Hackers don’t take breaks for weekends or holidays, and they don’t work 9
to 5. Yes, the hacker mindset means more work for you. But it also keeps
your network safer, so it’s worth it.