Start Thinking Like A Hacker

Uploaded on 2023-02-27 in TECHNOLOGY--Resilience, TECHNOLOGY--Hackers, FREE TO VIEW

The list of large and medium-size companies whose internal systems have been hacked has grown rapidly in recent years and now includes such high-profile exploits as SolarWindsKaseya, Ireland's Heath Service and many others. 

In many cases, cyber security breaches can go undetected for weeks and months before they’re discovered.  Cyber security breach response times can be a crucial factor in the data breach scale, its mitigation, the determination of its source, not forgetting the future legal issues involving the disclosure period. 

Computer security is a unique field. Unlike other fields in which the challenge is to overcome the scale of a problem or the complexity of an algorithm, in computer security the challenge is the wit of another human being who is trying to carry out an attack in order to compromise and disrupt a computing infrastructure. The saying, "If you can't beat them, join them." certainly  applies to cyber security.

To really get inside the mind of a hacker, you need to think like a hacker and this approach is known as "white hat" hacking.

Malicious actors will search for the easiest way in and as you know, social engineering techniques are typically a piece of the plan. In other words, humans are the easiest to hack. Today, there is a pressing need for security professionals to develop vulnerability analysis skills. Vulnerability analysis is the process of analysing a networked system to identify possible security problems.  While there are a number of scanning tools that can be used for network analysis, an in-depth analysis requires a more holistic approach that takes into account the design of the network, its goals, and its actual configuration. Given this information, it is then necessary to identify the underlying assumptions of the system's design, especially the undocumented ones.

To succeed as a cyber security analyst, you need to understand the traits, values, and thought processes of hackers, along with the tools they use to launch their attacks. 

Three Core Values  Characterise A Hacker’s Thinking

Curiosity:   Curiosity drives hackers to explore and understand systems, networks, and software in order to identify vulnerabilities. Not only are they constantly seeking new knowledge and skills to improve their abilities and stay ahead of security measures, but they’re also constantly applying newly learned approaches, tricks, and techniques in different systems, to see what sticks.

Aggressivel Attitude:   An adversarial attitude is a mindset that is always looking for ways to defeat security measures, challenge the status quo, and push the boundaries of what is possible. Hackers are often driven by a desire to prove their own abilities and to test the limits of systems and networks.

Persistence:   Persistence is an important trait for hackers as they often need to try multiple approaches and techniques in order to find a way into a system. They may encounter roadblocks and failures, but they don’t give up easily.  But they will continue to work until they have achieved their goal.

Cyber security teams need to identify and remediate all vulnerabilities while a hacker needs to find only one. The relentless pursuit of vulnerabilities is at their core.

The majority of hackers do not think they will suffer consequences and often go after low-level employees because they think there is less risk of getting caught. This thought pattern makes sense because IT administrators and contractors tend to have direct access to servers and other systems housing sensitive data. Furthermore, these contractors or third-party vendors are an excellent choice because they do not work directly within the company, the standards of how they handle data more often fall short. 

If you understand that framework, you're one step ahead in finding the right tools that will help you to gain visibility into critical assets like user data, endpoints, servers, and SaaS applications, allowing you to find the next vulnerability before it's exploited by a hacker.

Dark Reading:    I-HLS:       Techguard:       MITSloan:     Hacker News:    MasterDC

You Might Also Read:

How Ethical Hacking Can Improve Your Security Posture:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 



 

« Securing Hybrid Workplaces
Australia’s Victoria Leads On National Cyber Strategy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Atea

Atea

Atea is the market leader in IT infrastructure for businesses and public-sector organizations in Europe’s Nordic and Baltic regions.

Uhuru Corp

Uhuru Corp

Uhuru offers a wide variety of IoT products and solutions including enebular® IoT Orchestration Service.

IBLISS Digital Security

IBLISS Digital Security

How cyber-resilient is your business now? We help companies to continuously answer this never-ending C-level question.

Glilot Capital Partners

Glilot Capital Partners

Glilot Capital Partners is an Israeli seed and early-stage VC. We specialize in businesses which disrupt enterprise technology, mainly in the fields of AI, big data and cybersecurity.

Cira Info Tech

Cira Info Tech

Cira InfoTech’s cyber security and network consulting and managed services deliver unmatched talented resources and capabilities required to design and build an agile and adaptive IT environment.

Cybots

Cybots

Cybots is a multinational cyber defence brand founded in Singapore in 2018 to help organizations stay ahead of increasingly sophisticated threats from cyber criminals.

HolistiCyber

HolistiCyber

HolistiCyber provide state-of-the art consulting, services, and solutions to help proactively and holistically defend against a new era of constantly evolving cyber threats.

Ghost Security

Ghost Security

Ghost is a venture backed, product-led startup building the new standard in application security for the modern enterprise.

Ekco

Ekco

Ekco is one of Europe’s leading managed cloud providers. With a network of infrastructure and security specialists across Europe, we’ve perfected our approach to supporting digital transformation.

Resilience Cyber insurance

Resilience Cyber insurance

Resilience helps to improve cyber resilience by connecting cyber insurance coverage with advanced cybersecurity visibility and a shared plan to reinforce great cyber hygiene.

ABM Technology Group

ABM Technology Group

ABM Technology Group (formerly True IT) provide business information technology services, solutions, and consulting for small to mid-sized organizations.

Zluri

Zluri

Zluri is a cloud-native SaaSOps platform enabling modern enterprises with SaaS Management and Identity Governance.

Oxygen Technologies

Oxygen Technologies

Oxygen Technologies is a business systems strategy and integration company offering a variety of solutions to give our clients ways to work smarter not harder.

Autobahn Security

Autobahn Security

Autobahn Security is a growing team of 80+ experts from 25+ nationalities, established in 5 countries. We’re working hard to make Autobahn Security the No. 1 solution for improved hacking-resilience.

Argenta Talent Acquisition

Argenta Talent Acquisition

Argenta Talent Acquisition is a recruitment partner specializing in Space and Defense, Intelligence Community, all things Technical, Cyber, and Logistics.

Grey Market Labs

Grey Market Labs

Grey Market Labs is a special place. It is a data privacy and security skunkworks.