Five Ways to Outsmart the Hacker Mindset
In our previous blog, “Think Like a Hacker to Stop Cyber Crime,” we addressed the hacker mindset and how, by understanding cyber criminals’ motives and tactics, organizations can stop threats at any point in the attack cycle.
Beyond just applying hackers’ tactics to technical infosec activities, organizations need to develop a holistic security strategy that outsmarts hackers with a combination of technology, processes and people. This takes a five-pronged approach that includes:
- Planning a security strategy. Start by thinking how an attacker would approach your network and create a step-by-step counter strategy. In addition to technology, it needs to address the most vulnerable links to your network: the people accessing it. Be sure your strategy covers everything from human error to network configuration to data protection. It needs to provide collaborative protection that extends across data centers, network segments, web applications, the cloud and remote and on-premises endpoints so threats that make it past one layer are stopped or slowed at subsequent points.
- Getting senior management buy-in. Security needs to be a company-wide concern, not just a matter for IT. Cross-functional leaders and stakeholders need to understand the ROI of various security measures and why practices that look convenient may be bad for business. When they understand the huge financial and reputation-related costs of a breach, they’ll support whatever is necessary to prevent one.
- Creating a culture of security awareness. Everyone who touches the network needs to realize that it’s under a permanent state of siege. Any mistakes they make could let an attacker get through. Regular training programs will help to build awareness, but they have to build good habits. Making people memorize answers isn’t enough. Creating strong passwords, not sharing information inappropriately, taking care in public areas, and treating email skeptically are just some of the security habits every employee needs to learn.
- Sharing threat intelligence. It’s embarrassing to admit to a breach, but joining a community to share intelligence will let participants learn from one another’s experiences. Organizations such as the Cyber Threat Alliance keep members informed of the latest developments. Think of it as improving herd immunity. If better preparation prevents more attacks from succeeding, botnets can’t grow, and criminal organizations have fewer resources to expand their activity.
- Staying up to date. New threats constantly appear, and old ones change to get around existing defenses. Security technology needs to keep up with them. Sometimes that means replacing old, ad hoc security appliances with advanced, integrated tools designed for borderless network environments. System and application software needs to be patched with updates as soon as they’re available. Infosec teams need to stay abreast of new techniques and adopt recommended best practices.
Keeping a Lead in the Cybersecurity Arms Race
Staying secure is a Red Queen’s race; it takes all the running you can do to stay in the same place and twice as much to get ahead. SLAIT Consulting’s cyber threat assessment can assess whether you’re keeping up and flag areas for improvement. SLAIT Consulting can help you develop an adaptive cybersecurity strategy and support it with best-of-breed security technology. Contact us today to set up a complimentary 30-minute discussion with our cyber security experts.