Written by Patrick Kilgore and presented by Chuck Leaver, CEO of Ziften
When you are at the annual Black Hat conference, there are conversations going on everywhere about hacking and cyber security, and it can make you paranoid. For a great many people this is simply an appetizer for the DEF CON hacking conference.
Some time ago the Daily Dot published a story titled “The art of hacking humans,” which covered the Social Engineering “Capture the Flag” contest that has been running since 2010. In it, contestants use the best tool a hacker has at their disposal, their wits, and rely on tall stories and social subterfuge to persuade unwary victims to supply sensitive details in exchange for points. A few mistakes here, a comment about applications there, and boom! You’re hacked and on the front page of the New York Times.
For the businesses being “targeted” (such as big box retailers who will remain anonymous …), the contest was initially considered an annoyance. In the years since its beginning, however, the Capture the Flag contest has gotten the thumbs up from many a corporate security specialist. Its contestants compete every year to test their mettle and help prospective hacking victims understand their vulnerabilities. It’s a white hat education in exactly what not to do, and it has made strides for corporate awareness.
Human Hacking Starts With … Humans (duh).
As we know, most destructive attacks begin at the endpoint, because that is where the human beings in your business live. All it takes is access from an ambiguous location to do serious damage. However, rather than thinking of hacks as something to react to or a simple process to be eliminated, we have to remind ourselves that behind every attack there is a person. And ultimately, that’s who we need to equip ourselves against. How do we do that?
Since businesses operate in the real world, we should all accept that there are those who would do us harm. Rather than aiming to prevent hacks from taking place, we have to rewire our brains on the matter. The key is recognizing harmful user behavior as it is happening so that you can respond accordingly. The new era of endpoint security is focused on this ability to visualize user behavior, inspect and analyze it quickly, and then respond rapidly. At Black Hat we are showing folks how they can continuously monitor the edges of their network so that when (not if) breaches take place, they can be dealt with quickly.
As a wise man once said, “You cannot protect what you cannot manage and you cannot manage what you can’t see.” The result significantly lowers time to detect and time to respond (TTR). And that’s no lie.