Think Like a Hacker to Stop Cyber Crime

July 5, 2017 · steveverbanic · · Comments

As the saying implies, it takes a thief to catch a thief. The same goes with cybersecurity. To stop hackers from compromising or stealing digital assets, you have to think like one—which involves anticipating their moves and identifying their targets.

Profile of the Modern Hacker

The profile of people who break into computer systems has changed. The old stereotype of the teenaged geek working in isolation no longer applies. Today’s cyber criminals (at least the most dangerous) are apt to be organized, motivated and armed to the hilt with intelligence on their targets’ weakest links—in most cases—employees.

Some hackers believe they’re serving a great cause. Most have an excellent understanding of security. Their most effective tool is psychology, not just technology.

No organization is immune to becoming a target of cyber crime. Business, government and nonprofits are all at risk. Even hospitals aren’t off-limits. Small businesses don’t make headlines, but they’re often seen as easy marks.

Understanding the Hacker Mindset

Stopping cyber criminals in their tracks requires organizations to use their tactics against them. Adopting a hacker mindset to identify and fix security issues is one of the best ways to thwart progress at any point in the attack cycle. This involves:

  • Identifying weaknesses. This is an exploratory phase, gathering information about your network and the people that interact with it. Attackers study your security policies, access points and visible features of your software. This phase can be as much about cultivating relationships with people as studying technical features.
  • Probing. Attackers gather intelligence to probe for vulnerable points. They look for unsecured ports and accounts with default or easily guessed passwords. They identify software your network and match it against known weaknesses, especially if it’s not up to date. They collect email addresses and peruse social media for personal information about employees.
  • Obtaining access. With passwords, hackers can install malware or grab information directly. Otherwise, they can craft packets to exploit flaws in applications and send phishing email to trick employees into installing malware. Sometimes they target email messages to specific individuals, using personal information to look legitimate.
  • Exploiting access. A hacker’s job isn’t done until they get something of value. Once access is gained, they install malware to connect to command-and-control servers where it steals data, scrambles files, makes ransomware demands or launches attacks on other machines. The longer malware goes undetected, the more damage it does.

A good defense mirrors the approach of a hacker to prevent theft and damage by:

  • Identifying weaknesses to close them.
  • Running penetration tests to find vulnerable points, than strengthening them.
  • Monitoring networks for signs of unauthorized access to shut it off.
  • Protecting data against exploitation with backup, encryption, application-level security and access control.

Collaborative Security Architecture Provides Reinforcement

It’s unrealistic to expect any one level of defense to be fully successful, but attackers have to get through all four to succeed. A robust, collaborative security architecture will frustrate the large majority of attempts.

Security is a difficult matter and businesses need expert help. Slait Consulting can help your company advance its security strategy. We offer a broad portfolio of integrated, best-of-breed cybersecurity tools and security services to stop cyber criminals from accomplishing their aims.

SLAIT offers assessment services that can help you gathering information about your network.  Contact us today to learn more about the cyber security services we can offer you