Written By Patrick Kilgore And Presented By Chuck Leaver CEO Ziften
When you are at the Black Hat yearly conference there are conversations going on all over about hacking and cyber security and it can make you paranoid. For a great deal of people this is simply an appetizer for the DEF CON hacking program.
A long time ago a story was released by the Daily Dot which was named “The art of hacking humans” which talked about the Social Engineering “Capture the Flag” contest that has actually been running from 2010. In it, individuals utilize the very best tool a hacker has at their disposal – their intelligence – and take advantage of exaggerations and social subterfuge to encourage unsuspecting victims to supply delicate information in exchange for points. A couple of mistakes here, a remark about applications there, and a boom! You’re hacked and on the front page of the New York Times.
For the businesses being “Targeted” (such as huge box merchants who will remain nameless …), the contest was originally considered as an annoyance. In the years since its creation however, the Capture the Flag contest has actually gotten the thumbs up from many a business security professionals. Its contestants engage each year to evaluate their mettle and assist potential hacking victims comprehend their vulnerabilities. It’s a white hat education in exactly what not to do and has made strides for corporate awareness.
Human Hacking Begins With … Humans (duh).
As we understand, most harmful attacks begin at the endpoint, since that is where the human beings in your company live. All it takes is access from a nebulous place to do severe damage. But rather than consider hacks as something to respond to or a mere process to be killed, we need to advise ourselves that behind every attack there is a person. And eventually, that’s who we need to equip ourselves against. But how?
Considering that companies operate in the real world, we should all accept that there are those who would do us harm. Instead of attempting to prevent hacks from occurring, we have to re-wire our brains on the matter. The secret is recognizing malicious user behavior as it is occurring so that you can respond appropriately. The brand-new period of endpoint security is concentrated on this capability to visualize user behavior, check and evaluate it rapidly, then respond quickly. At Black Hat we are revealing folks how they can continuously monitor the fringes of their network so that when (not if) breaches happen, they can be swiftly tackled.
As a wise man once said, “You can’t secure what you cannot manage and you cannot manage what you cannot see.” The outcome dramatically decreases time to identify and time to respond (TTR). Which’s no lie.