Think Like a Hacker
Nemstar - Information & Cyber Security Training Specialists
Nemstar is the cybersecurity training expert, equipping organisations to tackle the threats of today and tomorrow.
To improve cybersecurity, think like a hacker
Find out how to protect your business by understanding how hackers operate and the processes they use
Have you read 'The Art of War' by Sun Tzu? It's a logistics handbook, but it is quoted at the start of many management handbooks.
It was written about 300 BC and is about how the military should be orchestrated. We are cyber security professionals, not military, but we can learn from his teachings. Sun Tzu said:
"If you know the enemy and know yourself, you need not fear the results of a hundred battles.
If you know yourself, but not the enemy, for every victory you will also suffer defeat.
And if you know neither the enemy nor yourself, you'll succumb in every battle."
We fight a battle every day to protect our business and to protect our stakeholders' and shareholders' interests. We also protect our customer and employee data to make sure our business continues to survive and thrive.
That's what it feels like these days. It feels like we’re battling. Every single day we wake up to a new challenge from an innovative, skilled and capable enemy.
Why do we bother learning Hack Chain, Certified Ethical Hacking or Pen Test? Because to successfully defend your information systems and improve cybersecurity, there are two things you must know.
1. Find the weaknesses in your security before hackers do
You must know your own network and technology stack. In order to know how you operate, you must understand your own infrastructure, your network design and your cloud ecosystem. Ask yourself these questions:
● Do you use Kubernetes or Docker?
● What sort of cloud organisation are you?
● Are you cloud centric or cloud native?
● What vendor firewalls have you implemented?
● What's your AV solution?
2. Think like a hacker to discover your weaknesses
To effectively defend against hackers gaining access and committing a data breach, you need to understand what the enemy is capable of. You need to start thinking like a hacker to protect your network. And start to understand what strategy they use to approach this problem. They want to:
● use social engineering to gain access to your network and information
● blackmail and use ransomware
● install payloads and back doors
● create botnets out of your systems
What Motivates Hackers?
They want to target you to make a profit from hacking your system. If you are going to defend against a hacker, you need to understand how they think.
If you can understand how a hacker thinks and the process they use, you will stand a chance of defending your network.
I've been working in IT for over 25 years and in information security for almost 20 years. Time and time again, I have seen companies with excellent technical staff try to defend against an unknown enemy. And they fail because when they're protecting one part of the network, the enemy is somewhere else.
How to beat a Hacker
Threat intelligence is a really important concept to grasp. But modern information security and cyber defence threat intelligence often has a limited budget. With a limited team, you are restricted in what you can do. You have to make sure that you apply that limited budget, time and team effectively.
And you should deploy for what is happening now, instead of what might happen. You should protect against the latest attacks, the attacks that hackers are carrying out today.
If you do that, you can stretch a thin budget to protect the business. If you work for the military, you're tasked to defend GCHQ or the NSA with an unlimited budget and resources. It is quite easy to defend a network if you don't have restrictions. But you know how hard it is to come across a sufficient budget and good staff, and how hard it is to get anything signed off.
You need to understand how the hackers operate and the processes they use, more than ever. The goal is to make our defences strong, where they need to be, which is where the hackers are attacking.
If you are keen to progress your skills as an ethical hacker, check out the newly updated CEHv12 programme on our website.