“If you know the enemy and know yourself you need not fear the results of a hundred battles.” Sun Tzu
Organizations are moving beyond the “it will never happen to me” phase of cybersecurity reality to the “it’s only a matter of time” phase. The laundry list of leading-edge technology companies and government organizations that have fallen victim to cyber-crime over the past several months has sent a clear and urgent message to those organizations that have remained unharmed… thus far.
The time to get serious about protecting your sensitive documents, proprietary company information, and customer data is now.
Related post: 10 penetration testing resources to bookmark
The starting point for almost any organization is to think like your adversary. Even organizations that have been serious about securing their electronic information should think like an attacker.
This type of thinking isn’t new to the security field, however, many organizations don’t have the personnel with the experience or knowledge to truly understand how an attacker may go about uncovering vulnerabilities in their network. However, as networks expand, IoT's connect to them, and the potential attack surface grows for attackers, we have to put ourselves in their shoes and ask the tough questions about their objectives to start defending:
Law enforcement has used ex-criminals to understand criminal behavior and subsequently apprehend criminals, and NFL coaches have hired defensive gurus as consultants to provide insight in order to upgrade offenses.
As a matter of fact, aren’t we constantly reminded to think like our adversary in order to anticipate their next move?
That said, protecting your organization from cyber-criminals is a little different – a little more complicated.
We know this because malware is being uncovered after quietly exfiltrating data from Fortune 500 companies for years at a time. The 2016 Verizon DBIR confirmed that the dwell time, or time that malware spends on a system or network before being discovered has never been longer.
Further, incidents and breaches are increasing at the fastest rate ever despite the explosion in perimeter, end point, network, and behavior analytics tools geared specifically to protect against the advanced malware we are seeing today.
The solution in part is thinking like your enemy and in the digital security world we know that as Penetration Testing or Pen Testing. However, like I said before, it is complicated; we have to test hosts, network ranges, all varieties and kinds of applications and much more; to do that accurately you need experts who understand how to exploit them.
Penetration Testing in the cybersecurity world and it is all about hiring experienced hackers to try and get into your network the same way the bad guys would. The benefit of this process you get a clear understanding of your vulnerabilities, how to respond when an attack occurs and how to protect your most valuable company assets.
There is no holy grail to protecting your company’s data; as I emphasized, it really is complicated. However understanding your adversary and seeing what they see is a first step toward building a defense and protecting yourself.
Interested in knowing more? Access our webinar to learn: