Start Thinking Like A Hacker

The list of large and medium-size companies whose internal systems have been hacked has grown rapidly in recent years and now includes such high-profile exploits as SolarWindsKaseya, Ireland's Heath Service and many others. 

In many cases, cyber security breaches can go undetected for weeks and months before they’re discovered.  Cyber security breach response times can be a crucial factor in the data breach scale, its mitigation, the determination of its source, not forgetting the future legal issues involving the disclosure period. 

Computer security is a unique field. Unlike other fields in which the challenge is to overcome the scale of a problem or the complexity of an algorithm, in computer security the challenge is the wit of another human being who is trying to carry out an attack in order to compromise and disrupt a computing infrastructure. The saying, "If you can't beat them, join them." certainly  applies to cyber security.

To really get inside the mind of a hacker, you need to think like a hacker and this approach is known as "white hat" hacking.

Malicious actors will search for the easiest way in and as you know, social engineering techniques are typically a piece of the plan. In other words, humans are the easiest to hack. Today, there is a pressing need for security professionals to develop vulnerability analysis skills. Vulnerability analysis is the process of analysing a networked system to identify possible security problems.  While there are a number of scanning tools that can be used for network analysis, an in-depth analysis requires a more holistic approach that takes into account the design of the network, its goals, and its actual configuration. Given this information, it is then necessary to identify the underlying assumptions of the system's design, especially the undocumented ones.

To succeed as a cyber security analyst, you need to understand the traits, values, and thought processes of hackers, along with the tools they use to launch their attacks. 

Three Core Values  Characterise A Hacker’s Thinking

Curiosity:   Curiosity drives hackers to explore and understand systems, networks, and software in order to identify vulnerabilities. Not only are they constantly seeking new knowledge and skills to improve their abilities and stay ahead of security measures, but they’re also constantly applying newly learned approaches, tricks, and techniques in different systems, to see what sticks.

Aggressivel Attitude:   An adversarial attitude is a mindset that is always looking for ways to defeat security measures, challenge the status quo, and push the boundaries of what is possible. Hackers are often driven by a desire to prove their own abilities and to test the limits of systems and networks.

Persistence:   Persistence is an important trait for hackers as they often need to try multiple approaches and techniques in order to find a way into a system. They may encounter roadblocks and failures, but they don’t give up easily.  But they will continue to work until they have achieved their goal.

Cyber security teams need to identify and remediate all vulnerabilities while a hacker needs to find only one. The relentless pursuit of vulnerabilities is at their core.

The majority of hackers do not think they will suffer consequences and often go after low-level employees because they think there is less risk of getting caught. This thought pattern makes sense because IT administrators and contractors tend to have direct access to servers and other systems housing sensitive data. Furthermore, these contractors or third-party vendors are an excellent choice because they do not work directly within the company, the standards of how they handle data more often fall short. 

If you understand that framework, you're one step ahead in finding the right tools that will help you to gain visibility into critical assets like user data, endpoints, servers, and SaaS applications, allowing you to find the next vulnerability before it's exploited by a hacker.

Dark Reading:    I-HLS:       Techguard:       MITSloan:     Hacker News:    MasterDC

You Might Also Read:

How Ethical Hacking Can Improve Your Security Posture:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 



 

« Securing Hybrid Workplaces
Australia’s Victoria Leads On National Cyber Strategy »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BCS, The chartered Institute for IT

BCS, The chartered Institute for IT

BCS provides IT professionals with up to date and relevant certifications enabling them to manage IT security effectively within their budget.

Exida

Exida

Exida is a leading product certification and knowledge company specializing in industrial automation system safety, security, and availability.

Sintef Digital

Sintef Digital

Sintef Digital carries out research in Information and Communication Technology for industry and the public sector.

NRD Cyber Security

NRD Cyber Security

NRD Cyber Security create a secure digital environment for countries, governments, and organisations and implement cybersecurity resilience enhancement projects around the world.

GreatHorn

GreatHorn

GreatHorn offers the only cloud-native security platform that stops targeted social engineering and phishing attacks on communication tools like O365, G Suite, and Slack.

LSEC

LSEC

LSEC is a global innovator and facilitator for the Cybersecurity industry. It is a non-profit membership organisation supporting further maturing the industry through its end users.

Center for Research on Scientific & Technical Information (CERIST)

Center for Research on Scientific & Technical Information (CERIST)

CERIST is a scientific and technical research centre with activities focused in the area of networks, information systems and IT security.

Liquid Technology

Liquid Technology

Liquid Technology provide DOD- and NIST-compliant data destruction and EPA-compliant e-waste disposal and recycling services throughout North America, Europe and Asia.

KeyXentic

KeyXentic

KeyXentic Inc. is a professional mobile and data security service provider. We are devoted to design convenient and strong security for user’s data protection and privacy without any compromise.

Stellar Cyber

Stellar Cyber

Stellar Cyber makes Open XDR, the only comprehensive security platform providing maximum protection of applications and data wherever they reside.

DNX Ventures

DNX Ventures

Based in Silicon Valley and Tokyo, DNX Ventures is an early stage VC for B2B startups in sectors including Cybersecurity.

Tromzo

Tromzo

Tromzo's mission is to eliminate the friction between developers and security so you can scale your application security program.

Torq

Torq

Torq's no-code automation modernizes how security & operations teams work with easy workflow building, limitless integrations and numerous pre-built templates.

Prancer

Prancer

Prancer is the industry's first cloud-native, self-service SAAS platform for automated security validation and penetration testing in the cloud.

Obsidian Security

Obsidian Security

Protect your business-critical applications by mitigating threats and reducing risk with Obsidian, the first truly comprehensive security solution for SaaS.

National Information and Cybersecurity Council (NICC)

National Information and Cybersecurity Council (NICC)

National Information and Cybersecurity Council is a leading collaborative effort between Government of India and Industry to raise Cybersecurity awareness nationally.