We need to put in Mindset of hacker to defend ourselves, it’s just not in technical aspects and there many other things to consider.It’s about learning from Hackers, way of thinking, act and impact of outcome.
What was their motivation and requirement?
How to they classify targets?
When they should launch attacks?
How they attack? What should be their entry point?
As we know hackers are determined and they spent huge time with an organization to find the network structure and they will infiltrate best way.
If there is an well-known vulnerability exists that will enhance the attacker to target the organization.
Many classical breaches exist, nowadays malware be more sophisticated which depends on user activity and they are well enough to bypass the security solutions.As per Verizon Data Breach Investigations Report, 92% of attacks over past 10 years associated with nine basic attack patterns. Most probably 1&2.
Nine Common Attack Patterns
1. Miscellaneous errors like sending an email to the wrong person 2. Crimeware (various malware aimed at gaining control of systems) 3. Insider/privilege misuse 4. Physical theft/loss 5. Web app attacks 6. Denial of service attacks 7. Cyber espionage 8. Point-of-sale intrusions 9. Payment card skimmers
Actions performed by hackers looks like an single incident,but it was actually a process towards target.
As a security profession we should understand the effective defense byunderstanding the offense mechanism. These insights are essential to close the vulnerabilities and attack paths that hackers will likely exploit.