Haunted House of Hackers
Have you ever seen someone go into a haunted house with their eyes pinned to the floor? They think if they run through fast enough and don’t look any of the monsters in the eye, they’ll make it out without anyone touching them. A lot of companies are doing the same thing with their cybersecurity. They’re keeping their eyes down and hoping malicious hackers won’t see them or touch them.
The issue is that this isn’t a haunted house, where the pretend monsters are actors in costumes. Imagine if that same house was full of real-life people who were actively trying to murder you with chainsaws. Would you still look at the floor?
That may sound dramatic, but I’ve spent my career talking to victims who never believed it would happen to them…until it did. Whether you’re a SaaS provider, a healthcare vendor, or a fintech company, if you touch sensitive information, you’re a cyberattack target. And pinning your eyes to the floor doesn’t change that.
Target Hardening
Back inside the haunted house, have you ever noticed that the more scared people are, the more the actors seem to pick on them? They’re easy targets, and to be honest, more entertaining targets.
My partner is a hacker (white-hat of course), and I can tell you that he LOVES messing with people and having fun while he’s hacking (I’ve been cyber-pranked many times). And malicious hackers get just as much thrill when hacking into companies. So the question is: how do you become a company that is no fun to hack?
In policing and the military, we use the term target hardening to refer to strengthening security around a target to protect it in case of an attack. For example, your home may have an alarm system, or a fence, or locks on the windows. All of these things make your home a less appealing target for burglars.
The same goes for our cyber environments. The more oblivious we are and the longer we continue to put cybersecurity on the back burner, the more of an easy (or soft) target we become.
Here are some ways you can practice target hardening in your cyber environment:
- Firewalls and Defensive Tools
- Penetration Testing
- Continuous Vulnerability Scanning
- Social Engineering Training
- Stricter Access Control
Solution
Look up from the ground! The more you educate yourself and the more you humble yourself about your own security, the less hackers can take you by surprise.
Tools, tools, tools. It’s impossible to have a completely unbiased view of your own security. So third party tools can help. Both defensive and offensive tools combined can help you save money, reduce manpower, and provide for a harder target.
My company, Red Sentry, provides an automated, continuous pentesting platform that helps you monitor your cyber environment 365 days a year. This is just one example of a technology that can elevate your security to the next level.
Conclusion
If you handle sensitive data, you don’t have the luxury of looking down at the floor. Unlike in haunted houses, malicious hackers aren’t paid actors that will move on if we ignore them.
Costumes are gone after October 31st, but cyber monsters will still be there. Take the steps needed to protect your company.