How do we stop hackers without understanding their true nature? What are they after, what is valuable to them? And how does what is valuable to them translate to our losses?
Being in the business of threat intelligence, we see how disproportionate hackers’ gains are when compared to the losses they inflict upon affected organizations. By far, not every stolen record gets abused. Yet, since there is no easy way to determine what becomes of the stolen data, the organization has to declare a total loss, even in a case of a minor breach.
Let’s try to understand hackers a little bit more. Who are they? Who do they work for? Where do they reside? What motivates them? How did they learn their craft? What do they do with the stolen data? What are they afraid of?
Today, brazened hackers take over our systems and demand a ransom. They give interviews to the press, they walk around their hometowns with their head held high, far away from justice. The world’s current political environment serves as their encouragement and provides cover for their evil acts.
Sure, we have regulatory security to give us the guidelines on what is the standard of care for our data, yet the hackers do not care about “certified” secure sites. They look for the vulnerabilities beyond patches and beyond application faults. They are moving into the arena of exploiting the end-users.
You cannot “patch” a person. Yet, hackers are getting smarter and creating repeatable formulas playing on people’s empathy and/or feelings.
The primary goal is to stop hackers. Even with the current level of knowledge and experience gained from previous hacks, stopping hacking is not an easy task. There are no universal hacker deterrents, but there are ways to slow down their advances over time.
Better access management is one of the keys. That not only focuses on better passwords, but on leveraging available authentication techniques, variances and safety measures. We also will address the development of honeypots, not only as systems that are perceivably weaker, but as applications, components and even credentials, where a compromise will alert when attempted to be exploited.
At the end of the talk, we are not going to be afraid of the unknown. Each attendee will come out with a list of viable steps to formulate a plan to deter hackers – to make them turn away at the door, and even if they try their virtual assault, to ensure they are met with alarms and proactive actions specific to their attack type.
(About the author: Alex Holden is president and CISO at Hold Security LLC and a member of the ISACA. This post originally appeared on his ISACA blog, which can be viewed here).