

They find the edge between “yes” and “no” and test how sharp that edge really is. They see patterns and then figure out when those patterns stop applying. While most people see a direct line between points A and B, attackers often look at how points D and F can get them to point B. Their greatest advantage is your greatest challenge: the attacker only needs to be right once, but defenders must be right all the time. In the physical world, attackers tailgate by loitering near a door to a facility and following someone with legitimate access into the building. In the cybersecurity world, digital “honey pot” websites allow attackers to lie in wait for unsuspecting victims to come to them. But that is exactly what an attacker does. We simply can’t be in all the right places just waiting for the right time to come around.
Patience

Ever found yourself in the right place at the right time? Whether we attribute it to luck or serendipity, most of us also seek to create those situations for ourselves in our daily personal and professional lives, but our results are usually hit or miss. Using data as an example, the cybersecurity “CIA Triad” of confidentiality, integrity, and availability tells you that theft is not the only threat: an attacker could also harm your organisation by clandestinely disrupting your data integrity or denying you or your customers access to your data. One’s reputation, relations, personnel, speed of business, and mental wellness can be targets for specific attackers with specific agendas. Attackers may seek different items, depending on whether they are thieves, conspirators, leakers, discontents, or opportunists. In today’s world, opportunities for financial gain are much broader than before.

It may sometimes be as obvious as money or intellectual property, or it could also be other items. You may be surprised by what attackers consider valuable and why.

They will know because they are always sizing up people and opportunities for personal gain. If you ever wanted to know the comprehensive list of valuables you have access to, just ask an attacker. They know what they want, and they go for it. They are not constrained by administration, bureaucracy, or budget, and they do not make decisions by committee. Professional attackers are not distracted by what is happening on the sidelines; they focus exclusively on mission achievement. But what, exactly, sets them apart? Singular mission focus. They are comfortable masquerading as someone else, building false relationships, and hiding the truth.

For instance, attackers have no qualms about following your CFO home to collect personal information, booking a room on your CEO’s hotel floor and “getting to know” him or her at the hotel bar to collect details about the company, sending your IT staff cool gifts laced with malware, or even using Facebook to send your kids a malicious link hidden within a game. They look for exploitable motivations and vulnerabilities to create self-serving situations. Each encounter would be based upon the assumption that there are no rules of engagement, political correctness, manners, morality, or conscience at play.

Attackers are comfortable doing things that most people aren’t.
Everyone’s first thought upon meeting someone new would be how to manipulate them for personal gain. Society would be far less enjoyable if we all adopted an attacker mentality. According to Val LeTellier, chair of ASIS International’s Insider Threat Working Group, adopting the mentality of the attacker can prevent an insider and in doing so save up-time, reputation, jobs and embarrassment.
