NetworkTigers on how and why business owners should think like a hacker.
Why dabble in the dark side? Because year after year, we observe that the effectiveness of traditional security strategies cannot keep up with evolving threats. It’s time for business owners, entrepreneurs and administrators to learn how to think like hackers.
Headlines describing far-reaching hacks and breaches of major companies have raised awareness of the danger and sophistication of today’s cyberattacks, yet the success rate and prevalence of those attacks have increased dramatically.
Evidence strongly suggests that to keep their systems safe from attack, companies need to remain clever and quick on their feet to beat the bad guys at their own game.
Cybercrime rates continue to escalate
According to the World Economic Forum’s Global Cybersecurity Outlook report, 2021 saw a 125% increase in cyberattacks worldwide. Check Point Research reports that cybercrime grew by another 38% in 2022, with numbers “driven by smaller, more agile hacker and ransomware gangs, who focused on exploiting collaboration tools used in work-from-home environments” and “education institutions that shifted to e-learning post-COVID-19.”
The explosion of AI chatbots and tools like ChatGPT is expected to make 2023 another banner year for cybercrime as hackers weaponize these tools to inflict harm and conduct campaigns to steal data and money.
How to think like a hacker
Look to the future
Cybercriminals are as quick to fold new technology into their toolsets as they are to jump on newly discovered security vulnerabilities. Thinking like a hacker, therefore, demands that business owners keep an eye on the cutting edge. This blurry line between current tech and “what’s next” is not typically where an entrepreneur concerned with stability and predictability spends much time. Savvy criminals, however, know that opportunities to leverage an unexpected new technology or vector exist in this realm.
Security blogs, tech magazines and news outlets are excellent sources of information for anyone looking to avoid being blindsided. From deepfake audio calls to malicious chatbots, business owners can get a high-level view of current dangers and pass that knowledge on to their employees.
Look to the past
New attack techniques, bugs and vulnerabilities are developed or discovered daily, which can overwhelm even a seasoned IT professional. However, hackers often repeat their methods. From installing backdoors to leveraging old-fashioned voice calls to ensnare victims, tried and true scam methods used in previous attacks remain effective, and they can show IT administrators what to expect from the average criminal.
Internet databases, forums and websites also contain a wealth of information about attack strategies and the tools criminals use.
MITRE ATT&CK, for example, is “a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.” Security-minded professionals can find data about attack types and mitigations to employ against them on this site, designed to foster communication amongst network defenders.
Develop an adversarial mindset
Given their regular workflow, every IT professional or business owner knows how their systems are supposed to function. But what happens when someone deviates from how a system is meant to be operated? Can holes be punched in a company’s security if someone strays off the beaten path and breaks the platform? Are there ways in which someone might be able to force their way into an account or perhaps remain undetected after doing so?
Thinking like a hacker means imagining ways your processes can be upended, overwhelmed, or broken. Hackers don’t care what your system is supposed to do, so put on your black hat and think of ways someone might be able to get it to bend to their will instead.
Know how an attack is staged
From initial intrusion to full-scale takeover, most cyberattacks follow similar steps to achieve their end goal. Familiarity with this process allows business owners to recognize the signs of an attack in progress and to find the weak spots in their systems where a stage of an attack could occur undetected.
There are seven stages of a cyberattack to be aware of:
- Reconnaissance. This is an information-gathering phase in which a hacker learns about their target and identifies possible entry points.
- Weaponization. The gathered information is used to devise an attack strategy allowing entry. This could be a fraudulent website that looks identical to the one used by the victim or spear phishing emails.
- Delivery. The hacker sends their emails, makes phone calls, publishes their malicious site, or puts their attack in motion.
- Exploitation. Once the hacker has entered the targeted system, they probe for additional ways to move around the network.
- Installation. In this phase, an attacker installs a backdoor within the compromised system to maintain access for as long as possible.
- Command and control. With network access that is now uninterrupted, the hacker can execute commands and lock legitimate account holders out of the system.
- Action on objective. A hacker can impersonate employees, steal or delete data, vandalize the company via web and social media content or encrypt files to stage a ransomware attack.
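The stage list above, put to work as an added example that is not part of the original article: the detection names, hosts and alerts below are constructed for illustration. It maps alerts to the seven stages, lists the stages that no detection covers, and shows for each host which earlier stages passed without an alert.

```python
from collections import defaultdict

# The seven stages, in the order the article lists them.
STAGES = [
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and control", "Action on objective",
]

# Hypothetical detection names mapped to the stage they give visibility into.
DETECTIONS = {
    "external_port_scan": "Reconnaissance",
    "phishing_mail_quarantined": "Delivery",
    "new_autostart_service": "Installation",
    "periodic_outbound_beacon": "Command and control",
    "bulk_file_encryption": "Action on objective",
}

# Constructed sample alerts: (ISO timestamp, host, detection name).
ALERTS = [
    ("2023-03-01T09:12:00", "ws-017", "phishing_mail_quarantined"),
    ("2023-03-01T09:40:00", "ws-022", "new_autostart_service"),
    ("2023-03-01T10:05:00", "ws-022", "periodic_outbound_beacon"),
    ("2023-03-01T10:06:00", "ws-022", "unmapped_vendor_alert"),
]

def uncovered_stages(detections=DETECTIONS):
    """Stages that no detection maps to: an attack can pass through them unseen."""
    covered = set(detections.values())
    return [s for s in STAGES if s not in covered]

def host_progress(alerts=ALERTS, detections=DETECTIONS):
    """Per host: stages seen, furthest stage reached, earlier stages with no alert."""
    seen = defaultdict(set)
    for _ts, host, name in alerts:
        stage = detections.get(name)
        if stage is not None:  # alerts without a stage mapping are skipped
            seen[host].add(stage)
    report = {}
    for host, stages in seen.items():
        furthest = max(STAGES.index(s) for s in stages)
        report[host] = {
            "furthest": STAGES[furthest],
            "observed": [s for s in STAGES if s in stages],
            "missed_earlier": [s for s in STAGES[:furthest] if s not in stages],
        }
    return report
```

Weaponization usually happens on the attacker's own infrastructure, so the uncovered stage to act on in this constructed rule set is Exploitation.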
Find your weak points
Hackers are opportunists, pouncing on weaknesses in equipment, software and personnel.
Outdated hardware should be replaced as soon as possible, especially any gear the manufacturer no longer supports. There is money to be saved and new features to be employed in purchasing real-world tested refurbished network components from a trusted retailer.
Staff training is essential. Think about which employees can access potentially dangerous administrative accounts and be sure to keep them informed about phishing techniques. While many think of hacks as highly technical events in cyberspace, seizing on an uninformed employee and convincing them to turn over login credentials or other sensitive data is simply a common strategy that scammers employ.
Don’t neglect the workers you may assume are disconnected from your network’s most valuable assets. While you may think that IT administrators are the only ones in the crosshairs, employees tasked with mundane work are favored by criminals. For example, those responsible for large volumes of repetitive call or email screening are especially vulnerable to attack and are often not trained to discern legitimate requests from fraudulent ones.
Close the gaps
Passive security and reactive strategies were enough to keep data from the wrong hands in previous years. However, the future demands creative, proactive measures that close small but critical security gaps that most would never consider. While it takes work and practice, thinking like the enemy can allow business owners to see vulnerabilities before the bad guys do.