To Understand the Hacker, You Must Become the Hacker
Hackers are mysterious. Not much is known about them - until they get caught, at least. But until the divine hammer of justice is brought down upon them, they will continue to stalk the shadows and wait for us to unknowingly hand over our personal information. What they don't want you to know is that they generally act according to a few particular variables, and that it is possible to avoid their pitfalls.
Today, it seems like there are more hackers than ever before, and they are coming up with new pitfalls, traps, and threats all the time. In fact, just last week, a new major security vulnerability was discovered called POODLE (Padding Oracle On Downgraded Legacy Encryption). This POODLE vulnerability allows a hacker sharing a network with you to hijack and decrypt the session cookie that identifies you to a service (like Google), and then take over your accounts. You can read more about it in a paper published by Google security.
POODLE, Heartbleed, Shellshock, BadUSB, the list of new vulnerabilities that hackers are finding and exploiting goes on. How can you stay ahead of every new threat and have peace of mind that your company's network is safe?
The first step toward foiling the plans of a hacker, is to not make assumptions. Human beings make mistakes by nature, and nobody is perfect. But mistakes can happen when we aren't careful, and that's what hackers take advantage of. In order to protect yourself from them, you should think like one.
Step 1: Infiltration
As a hacker, the first thing that comes to mind is how you are going to access a system. It doesn't matter whether it's internal or external, online or offline - anything will suffice, so long as they can get access to something they wouldn't normally have access to. Once they get into your network, it's difficult to stop them from doing damage. The key to stopping a hacking attack is to prevent them from gaining access to your system.
Here are a few ways you can prevent hackers from gaining access to your workstations and network:
- Use up-to-date antivirus software.
- Don't click on suspicious-looking emails or attachments, especially if they are from an unidentified sender.
- Don't allow strangers to physically access your network (i.e. letting someone use your computer you don't even know).
- Be wary of phone calls and people asking for personal information. Don't be afraid to be stern with them, especially if they are acting strangely or are asking for unnecessary information, like your social security number or credit card information.
- They don't feel they need it - a severe misconception.
- They don't have the time to implement it - another severe misconception.