Why You Must Think Like a HACKER to Prevent CYBER ATTACKS
Here’s the cheat-sheet for this week’s episode of Life of a CISO. To be a good CISO, it’s not enough to think like IT support; you must learn to think like the adversary. Remember: prevention is good, but detection is a must, and you can’t have 100% security and still have functionality.
Tune in to today’s episode to learn how to start thinking like a hacker so that you can prevent cyber attacks!
In this episode:
- 0:04 Welcome to this episode of Life of a CISO
- 0:37 The importance of thought leadership and strategic thinking
- 2:15 The most important thing a CISO needs to know: your critical data, and the threats and vulnerabilities that could cause harm to that critical data
- 4:30 100% security doesn’t exist
- 5:17 What is the difference between a major breach and a minor breach?
- 6:43 A minor breach is caught before major damage is done; a major breach is not
- 8:20 Prevention is ideal, detection is a must
- 9:00 How does an attack occur?
- 9:22 Every attack is not unique
- 10:30 Think like an attacker
- 11:13 The server and the client
- 15:11 The 5 step process
- 12:14 Companies fail because they focus most on step 3
- 13:06 An easy way to see what is visible from outside of your network
- 15:06 The adversary knows more than you do
- 17:06 It all starts with an accurate network diagram
- 18:33 Do your reconnaissance, just like the adversary
- 19:05 The server (part 1)
- 20:29 Start with internet-facing systems
- 21:35 The 90% rule
- 23:45 If you don’t know the vulnerabilities, your adversary will
- 24:32 No internet-facing system can have critical data
- 27:00 Users (Part 2)
- 28:25 Emails are not good for file transfers
- 29:18 Cost/benefit analysis if you stopped allowing email attachments
- 30:15 Awareness of users
- 30:40 Most attacks are targeted for Windows
- 32:28 Review and wrap-up.