Home Cyber Security Asia 2021 Think Like A Hacker In The 21st Century!

Think Like A Hacker In The 21st Century!

by K. Vatsala Devi

Over the last two days, at the Cyber Security Asia summit, some subjects have been heavily discussed and exhausted, but all that signifies is that certain topics deserve importance as they help shape or mold a nation and their cybersecurity readiness.

We are after all, living in a highly digitized era and precipitated by the IR 4.0 and Covid-19 pandemic. While the world has been handling the pandemic, hackers have been working overtime to make a killing.

Cyber security, ransomware, and cyber resilience are some of the catchwords that we have been hearing ever so frequently and today Dr. Erdal Ozkaya, Chief Cybersecurity Strategist l CISO of COMODO, AUSTRALIA broke down what malware is and what it takes to manage cyber risks in an organization. Malware – according to Ozkaya – is a legitimate code doing illegitimate things. However what this codes does to us, our equipment, and our establishment is not good.

Ozkaya also said for malware to function, it needs write privileges and if we as users don’t provide it or enable it by allowing it to reach the CPU then we can prevent malware from happening.

If the solution to preventing malware is so simple, then why are we continuing to allow malware/ransomware to run? The answer is that we have chosen the wrong a wrong cybersecurity posture. Cybersecurity posture refers to the overall cybersecurity strength of an organisation. This posture reflects the security of an IT network, estate, or system, particularly relating to the internet and the defences in place to prevent an attack – as described by Risk Xchange.

Types of Cybersecurity Posture

There are three types of cybersecurity posture;

Allow All, Deny Bad

Allow All, Deny Rest

Allow Good, Allow Rest with Attack Surface reduction (ASR).

With the first cybersecurity posture, the question that arises if how can a person know which is good and which is bad. How can an employee prevent the damage when the cybersecurity system and product fail to detect it? The second posture is equally ineffective because it is not user friendly and hard to accomplish.

The third posture is one that should be adopted by organizations because this way we are not restricting users by denying any application from running on their computer, but you are denying any unknown ransomware or malware from causing damage because it is operating in a restricted (ASR) mode where they are not allowed to cause damage. Categories of attack surfaces can be broken down to a few categories such as human attack surface, network attack surface, systems attack surface, application attack surface, and lastly OS/Kernel attack surface.

Think Like A Hacker

Here, Ozkaya explained that it is imperative to anticipate the thought process of a hacker. He explained that sophisticated attackers will only choose avenues that can be exploited successfully and that they would also look for the weakest link as they are the easiest to attack. He also explained that most successful attacks leverage on known vulnerabilities such as mis-configuration and human errors to name a few.

The way to limit breach damage is to think like a hacker and for organisations to have their cybersecurity goal where the strategy is not to be as secure as possible but to be as secure as necessary.

Follow us on ESPC2GO for updates and news on Cyber Security Asia 2021.

Related Articles

We use cookies to improve user experience, and analyze website traffic. For these reasons, we may share your site usage data with our analytics partners. By clicking “Accept Cookies,” you consent to store on your device all the technologies described in our Cookie Policy. Accept Read More

ESPC on the go