The movie “Catch Me If You Can” is a great lesson in thinking like the enemy to protect yourself against them. It is based on the real-life story of a check fraud con artist that was so good that the FBI turned to him for help catching other check forgers. The reason was that he could do something the FBI could not: think like the enemy, because he WAS the enemy.
This same lesson can be applied to cybersecurity. In fact, it should be applied to cybersecurity because defenders need to think like attackers and implement systems to defend against them. When a business is hacked, the blame falls squarely on the owner or company leadership. This makes cyber protection as important as “traditional” business teams like Finance, Sales, or Marketing. Being cybersafe means business survival.
The obligatory cybersecurity stats
They are obligatory because they show how important cybersecurity is.
- 73% of black hat hackers said traditional firewall and antivirus security is irrelevant or obsolete. (Thycotic, 2017)
- Russian hackers can infiltrate a computer network in 18 minutes. North Korean hackers need just two hours, 20 minutes. Chinese hackers need about 4 hours. (Crowdstrike, 2019)
- 34% of hackers prefer domain admin accounts as their number one way to hack systems. (Thycotic, 2019)
Your business’s largest threat is not the competition. It is not the economy. It is not even changing trends and markets. Your largest threat are hackers. Cybercriminals do not care about anything other than making money off your hard work; they are your enemy.
A non-boring definition of hacking
Hacking means making something work better, faster, or easier. Hacking requires problem solving skills, critical thinking skills, and the willingness to tinker with things to learn how they work.
Hacker personality traits so you can understand your enemy
Hackers are very intelligent, have an insatiable curiosity, and can easily understand abstract concepts. They also possess the need to build and understand systems, called “systemizing” (Science Daily, 2016) and can ingest and understand large amounts of data and detail. They challenge conventional thinking and ask “Why?” a lot.
Hackers are relentless, see your security barriers as a challenge to overcome, and will understand your information technology systems better than you do within a very short time. They are a very dangerous enemy.
Think like the invader, not the castle (this is the important part!)
Many cybersecurity professionals think about protection from a defensive standpoint. Cybercriminals that want to hack your systems are skilled, relentless, and will not sleep until they penetrate your system to access and exploit your data and information. To prevent that, you need to think like they do. As any sports fan will tell you, the best defense is a good offense.
- Develop an adversarial mindset to identify if your security assumptions can be violated
- Study past attacks to see the patterns attackers follow, like intelligence gathering, lateral movement, and creation of backdoors
- Use the Internet to research hacker tools and techniques
- Use vulnerability analysis skills to identify and fix security issues
Look at your systems through the eyes of a hacker to better understand where your weaknesses lie. This is especially important because you will have no idea which enemy will be attacking you, or what sort of attack they will initiate.
Hackers can’t really be caught by a business (that’s law enforcement’s responsibility) but cyber-attacks can be prevented by thinking like a hacker.
Cybersecurity is no longer an IT task; it has become a main functional business area and a shared responsibility of everyone in the organization. Thinking like a hacker helps identify gaps in your defenses. If you are concerned with your risk of cyber-attack, we can perform a vulnerability analysis or penetration testing on your system to find weak points before hackers do. Schedule a confidential conversation with one of our cybersecurity experts. Simply complete the form below – we are here to help!
Remember, being cybersafe means business survival.
Fortress Security Risk Management is a global data protection company that helps organizations dramatically minimize their risk of disruption from unforeseen events like cyber-attacks. Our goal is to help every client achieve the highest degree of security and the least amount of risk their organization can afford, or what we call, SecurityCertaintySM.