Hacking your way to stronger InfoSec: Part 1

March 1, 2017 | InfoSec Workforce | By Brian Dulany
To defend against a hacker, you need to think like one.

There's growing anxiety surrounding the information security of organizations' sensitive data and systems. With the risk of data breaches on the rise and the escalating maturity of cybercriminal tactics, businesses need to be extra careful when it comes to data protection. But at the same time, they must take a proactive and aggressive approach to InfoSec.

What exactly does this mean?

In essence, bare minimums will no longer cut it when ensuring security - organizations that rely on this lackluster approach are ideal targets for cybercriminals. Instead, to truly defend against hackers, you need to think like one.

But before we get into that, let's take a look at some of the misconceptions and assumptions associated with hackers in part one of this series on how to hack your way to stronger InfoSec.

"A hacker is someone who has the IT skills and computing expertise to break into a system."

The mindset and motivations of hackers

The first misconception is that all hackers are bad. Sure, gaining unauthorized access to a network doesn't seem like it would be well-received in any situation. But things aren't that black and white. Being a hacker doesn't necessarily make someone a cybercriminal. A hacker is someone who has the IT skills and computing expertise to break into a system using bugs or security exploits.

You have black hat hackers - who maliciously infiltrate systems with the intent of stealing data, typically for monetary gain.

And white hat hackers - researchers who find vulnerabilities and share the information to help better protect organizations.

Both possess hacking capabilities and proficiencies but different motivations. One hurts your business, the other can help it. Also, black hat hackers sometimes attack each other. Whether it's because of a personal vendetta or intense rivalry, this demonstrates the "us versus them" mentality isn't as clear-cut as we may think.

Who are hackers?

A second misconception is that massive attacks are only carried out by major players. As Dark Reading explained, this can be a convenient yet dangerous assumption for organizations to make for a couple of reasons:

  1. It implies these disruptions are inevitable and unavoidable.
  2. It underestimates the power of smaller, unknown actors.

The truth is that hackers need very little to infiltrate a system. All it takes is finding one loophole to circumvent security protections or gain backdoor entry into a system to cause severe damage and destruction. Add an already poorly vetted security program and publicly accessible resources to the mix, and even relatively new or amateur hackers can execute a major breach. Put simply, the biggest threat businesses face today when it comes to InfoSec may not necessarily be a well-known hacker group. It may very well be a solo-acting agent.

An attack can come from anywhere. Thankfully, it's not particularly difficult to figure out how a hacker might attack your organization. In part two of this blog series, we'll go into the most popular tactics cyberattackers use today, as well as how organizations can use the intelligence of hackers to better protect themselves.