Charles Leaver – If You Want To Win The Cyber Security War Then Accept That Hacking Is Human

Written By Patrick Kilgore And Presented By Charles Leaver CEO Ziften

When you are at the annual Black Hat conference, discussions about hacking and cyber security are going on all around you, and it can make you paranoid. For a lot of people this is simply an appetiser for the DEF CON hacking program.

A long time ago the Daily Dot published a story named “The art of hacking humans”, which talked about the Social Engineering “Capture the Flag” contest that has been running since 2010. In it, individuals use the best tool a hacker has at their disposal – their intelligence – along with tall tales and social subterfuge to convince unsuspecting victims to provide sensitive information in exchange for points. A couple of slip-ups here, a comment about applications there, and boom! You’re hacked and on the front page of the New York Times.

For the businesses being “targeted” (such as big box retailers who will remain nameless …), the contest was initially considered an annoyance. In the years since its creation, however, the Capture the Flag contest has gotten the thumbs up from many a corporate security expert. Its participants engage every year to test their mettle and help potential hacking victims understand their vulnerabilities. It’s a white hat education in exactly what not to do and has made strides for corporate awareness.

Human Hacking Begins With … Humans (duh).

As we know, a lot of malicious attacks start at the endpoint, because that is where the humans in your business live. All it takes is access from an ambiguous area to do serious damage. But rather than think of hacks as something to respond to or a simple process to be eliminated, we have to remind ourselves that behind every attack there is an individual. And ultimately, that’s who we need to arm ourselves against. How do we do that?

Because companies operate in the real world, we all need to accept that there are those who would do us harm. Rather than trying to prevent hacks from happening, we have to re-wire our brains on the matter. The secret is recognizing malicious user behavior as it is happening so that you can respond appropriately. The new age of endpoint security is concentrated on this ability to visualize user behavior, inspect and analyze it rapidly, then respond quickly. At Black Hat we are showing folks how they can continuously monitor the edges of their network so that when (not if) breaches occur, they can be promptly tackled.

As a wise man once stated, “You cannot protect what you cannot manage and you can’t manage what you can’t see.” The outcome dramatically reduces time to discover and time to respond (TTR). And that’s no lie.