Start Thinking Like A Hacker

The list of large and medium-size companies whose internal systems have been hacked has grown rapidly in recent years and now includes such high-profile exploits as SolarWindsKaseya, Ireland's Heath Service and many others. 

In many cases, cyber security breaches can go undetected for weeks and months before they’re discovered.  Cyber security breach response times can be a crucial factor in the data breach scale, its mitigation, the determination of its source, not forgetting the future legal issues involving the disclosure period. 

Computer security is a unique field. Unlike other fields in which the challenge is to overcome the scale of a problem or the complexity of an algorithm, in computer security the challenge is the wit of another human being who is trying to carry out an attack in order to compromise and disrupt a computing infrastructure. The saying, "If you can't beat them, join them." certainly  applies to cyber security.

To really get inside the mind of a hacker, you need to think like a hacker and this approach is known as "white hat" hacking.

Malicious actors will search for the easiest way in and as you know, social engineering techniques are typically a piece of the plan. In other words, humans are the easiest to hack. Today, there is a pressing need for security professionals to develop vulnerability analysis skills. Vulnerability analysis is the process of analysing a networked system to identify possible security problems.  While there are a number of scanning tools that can be used for network analysis, an in-depth analysis requires a more holistic approach that takes into account the design of the network, its goals, and its actual configuration. Given this information, it is then necessary to identify the underlying assumptions of the system's design, especially the undocumented ones.

To succeed as a cyber security analyst, you need to understand the traits, values, and thought processes of hackers, along with the tools they use to launch their attacks. 

Three Core Values  Characterise A Hacker’s Thinking

Curiosity:   Curiosity drives hackers to explore and understand systems, networks, and software in order to identify vulnerabilities. Not only are they constantly seeking new knowledge and skills to improve their abilities and stay ahead of security measures, but they’re also constantly applying newly learned approaches, tricks, and techniques in different systems, to see what sticks.

Aggressivel Attitude:   An adversarial attitude is a mindset that is always looking for ways to defeat security measures, challenge the status quo, and push the boundaries of what is possible. Hackers are often driven by a desire to prove their own abilities and to test the limits of systems and networks.

Persistence:   Persistence is an important trait for hackers as they often need to try multiple approaches and techniques in order to find a way into a system. They may encounter roadblocks and failures, but they don’t give up easily.  But they will continue to work until they have achieved their goal.

Cyber security teams need to identify and remediate all vulnerabilities while a hacker needs to find only one. The relentless pursuit of vulnerabilities is at their core.

The majority of hackers do not think they will suffer consequences and often go after low-level employees because they think there is less risk of getting caught. This thought pattern makes sense because IT administrators and contractors tend to have direct access to servers and other systems housing sensitive data. Furthermore, these contractors or third-party vendors are an excellent choice because they do not work directly within the company, the standards of how they handle data more often fall short. 

If you understand that framework, you're one step ahead in finding the right tools that will help you to gain visibility into critical assets like user data, endpoints, servers, and SaaS applications, allowing you to find the next vulnerability before it's exploited by a hacker.

Dark Reading:    I-HLS:       Techguard:       MITSloan:     Hacker News:    MasterDC

You Might Also Read:

How Ethical Hacking Can Improve Your Security Posture:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 



 

« Securing Hybrid Workplaces
Australia’s Victoria Leads On National Cyber Strategy »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

NISC was established as a secretariat of the Cybersecurity Strategy Headquarters in collaboration with the public and private sectors to create a "free, fair and secure cyberspace" in Japan.

National Authority Against Electronic Attacks (NAAEA) - Greece

National Authority Against Electronic Attacks (NAAEA) - Greece

The National Authority Against Electronic Attacks (NAAEA) is the national computer emergency response team of Greece.

CyberDefcon

CyberDefcon

CyberDefcon is an independent organization dedicated to the pursuit of making the internet a safer place.

Omada

Omada

Omada is a leading provider of IT security solutions and services for identity management and access governance.

Aporeto

Aporeto

The Aporeto platform protects cloud applications from attack by authenticating and authorizing all communications with a cryptographically signed identity assigned to every workload.

AimBrain

AimBrain

AimBrain tools detect and prevent fraud, faster and more accurately than ever before.

APT Search

APT Search

APT Search is a recruitment company specialising within the Legal Technology, Cybersecurity and Privacy sectors.

Garner Products

Garner Products

Garner design, manufacture, and sell equipment that delivers complete, permanent, and verifiable data elimination.

GK8

GK8

GK8 is a cyber security company that offers a high security custodian technology for managing and safeguarding digital assets. Secure, Compliant and Practical.

Upfort

Upfort

Upfort (formerly Paladin Cyber) unifies award-winning security and robust cyber insurance to deliver comprehensive cyber risk solutions.

Fairfirst Insurance

Fairfirst Insurance

Fairfirst Cyber Insurance protects your business assets against the complexity of cyber threats.

Shearwater Group

Shearwater Group

Shearwater Group is an award-winning organisational resilience group that provides cyber security, advisory and managed security services to help secure businesses in a connected global economy.

Protectt.ai Labs

Protectt.ai Labs

Protectt.ai Labs is India’s first mobile security start up building awareness & providing solutions for mobile app, device & transaction security.

CyberSecureRIA

CyberSecureRIA

We founded CyberSecureRIA specifically to secure and support RIAs. We exist to secure SEC-registered RIAs, and keep them compliant with cybersecurity regulations.

Novem CS

Novem CS

Novem CS are bespoke cyber security specialists providing a highly effective and specialised approach to solving your cyber security challenges.

Edera

Edera

Edera is changing the way containers are run and secured, making isolation a reality and fundamentally transforming computing in the process.