Business Daily Media

Know your enemy – Thinking like a hacker

  • Written by Ryan Weeks, CISO at Datto

Companies are increasingly digitalising their data and processes and now have to secure a greater diversity of distributed endpoints. However, this creates many more entry points for cyber threats to breach. Organisations need to transition from a mindset of ‘if’ an attack will take place to ‘when’.

Cyberattacks are taking place at an accelerated pace, becoming increasingly difficult to recover from and posing significant consequences. Given the frequency of attacks, the larger attack surface and the severity of attacks, investment in protection technologies is no longer enough. To be ready for an attack, companies are changing their tactics. They are now taking an ‘Assume Breach’ position, which entails combining their traditional cyber security programmes with robust incident response, crisis management and disaster recovery plans.

While the foundation of a comprehensive cyber resilience strategy encompasses the ability to identify, protect, detect, respond to and recover from threats, it is more about effective risk management. This means identifying which cyber security events would have the greatest impact on the organisation and prioritising defence measures accordingly. To achieve this level of protection, organisations need to understand the hacker, the playing field, and their defences.

Getting into the mind of a hacker

Gaining knowledge about the enemy is by far the most difficult of the three. To start, organisations need to study the threat actors and understand why they view the company as a viable target. To gain this level of knowledge, companies need answers to the following questions: what are the cyber criminals’ motives and goals, what are the tactics, techniques and procedures (TTPs) they use, how are the TTPs applicable to the business environment we operate in, where would the attack most likely take place based on current defences, and how could it compromise the organisation, the supply chain or customers?

Pinpointing and knowing potential attackers is not easy. Fortunately, there are several open-source resources that provide insights into how cybercriminals operate. To start, the MITRE ATT&CK database provides a library of known adversary tactics and techniques. It provides information on cyber criminals’ behaviour and exposes the various phases of an attack lifecycle and the platforms these threat actors are known to target.

Understanding the playing field

Cyber resilience requires a comprehensive strategy to reduce risk. Risk is a function of the likelihood of a cyberattack and of the adverse impacts it would cause. For instance, an event that is likely to happen but has minor consequences presents less overall risk than an event that is deemed likely but would cause significant consequences.

To truly understand the organisation’s exploitable surface, insight into the likelihood of being attacked via a particular attack vector is fundamental. Organisations first need to evaluate which of their assets have the highest probability of being attacked. Second, they need to determine how valuable these assets are to the company or their customers.

Prepare for battle: Ensure your organisation is cyber-attack ready

With insight into which threat actors are lurking and their preferred attack surface, the organisation is ready to simulate their attack methods to determine where the greatest risks reside and take proactive measures to mitigate potential risk. This is best accomplished by reverse engineering a cyber criminal’s past breaches. The intelligence gained by this exercise enables organisations to prioritise and implement the most effective security controls against specific cybercriminals and their tactics and techniques.

It is important to note that adversary emulation is different from pen testing and red teaming in that it uses predetermined scenarios to test specific adversary TTPs. The goal of this process is to determine whether the tactics can be detected or even prevented. As part of the emulation exercises, it’s also important to examine technology, processes and people. This will provide a comprehensive understanding of how all defences work in unison. Be sure to repeat the testing until there’s a level of confidence that the organisation will prevail against the specific adversary.

How often to perform adversary emulation depends on the size and type of company. For instance, large organisations and MSPs should perform this exercise at least on a quarterly basis, SMEs at least once a year or whenever there is a major new threat, whereas for enterprises, a threat-informed defence programme needs to be an ongoing effort. However, there is no such thing as over-testing an organisation’s cybersecurity.

While the processes may appear arduous and even overwhelming, it is impossible to build an efficient cyber resilience programme without understanding the methods attackers are going to use. Being ready to combat cyberattacks means thinking like a hacker to improve overall security.
