Written By Patrick Kilgore And Presented By Chuck Leaver CEO Ziften
When you are at the Black Hat yearly conference there are discussions going on everywhere about hacking and cyber security and it can make you paranoid. For a great deal of individuals this is just an appetizer for the DEF CON hacking show.
Some time ago a story was released by the Daily Dot which was named “The art of hacking humans” which went over the Social Engineering “Capture the Flag” contest that has actually been running from 2010. In it, individuals use the very best tool a hacker has at their disposal – their wits – and take advantage of exaggerations and social subterfuge to persuade unwary victims to offer sensitive info in exchange for points. A few errors here, a remark about applications there, and a bang! You’re hacked and on the front page of the New York Times.
For the businesses being “Targeted” (such as big box sellers who will stay nameless …), the contest was initially deemed a problem. In the years since its inception nevertheless, the Capture the Flag contest has actually gotten the thumbs up from many a corporate security professionals. Its contestants engage every year to test their mettle and help prospective hacking victims comprehend their vulnerabilities. It’s a white hat education in exactly what not to do and has made strides for business awareness.
Human Hacking Starts With … Humans (duh).
As we understand, the majority of harmful attacks start at the endpoint, because that is where the humans in your company live. All it takes is access from an ambiguous place to do serious damage. However rather than think about hacks as something to respond to or a mere procedure to be killed, we have to advise ourselves that behind every attack there is an individual. And ultimately, that’s who we have to arm ourselves against. But how?
Since businesses exist in the real world, we need to all accept that there are those who would do us damage. Instead of attempting to avoid hacks from occurring, we need to re-wire our brains on the matter. The key is identifying destructive user habits as it is happening so that you can respond accordingly. The new era of endpoint security is concentrated on this ability to picture user behavior, check and evaluate it quickly, and after that react rapidly. At Black Hat we are revealing folks how they can continuously monitor the fringes of their network so that when (not if) breaches occur, they can be quickly cut down.
As a wise man once said, “You can’t secure what you cannot manage and you can’t manage what you cannot see.” The result drastically lowers time to detect and time to respond (TTR). And that’s no lie.