13 September 2017


#CBICyber breakout session review: The habits of highly effective hackers

Ryan Kazanciyan, Chief Security Architect at Tanium, shared his insights on the habits of effective hackers at the CBI’s Cyber Security Conference

To know your enemy is one way to approach a security strategy against hackers. Ryan Kazanciyan, Chief Security Architect at Tanium, has years of experience learning from and mimicking the methods used by hackers to identify and exploit vulnerabilities in organisations’ IT systems. So how can companies ensure their systems aren’t breached, rather than paying for costly fixes?

Hackers get to know a system before they attack it.

Hackers will spend months gathering intelligence on the users, systems and data they are interacting with. This reconnaissance stage can give hackers a full picture of your system. To prevent a hacker exploiting this, a business needs a full inventory of its assets, visibility of them, and the ability to detect unauthorised activity. This could include logs of hardware, users, and downloaded applications. Adding new tools expands the ‘attack surface’ for hackers as well as the resources a business needs to maintain its security, so sometimes the best option to improve security is to remove tools, rather than add them.

Hackers will find a foothold and then maximise the opportunity.

Hackers don’t see a company’s system in silos, so businesses must take a holistic approach too. Most security breaches will happen because a hacker gets a foothold and then uses it to access other parts of the system. These footholds can begin with just one system user, and breaches of ‘third party’ applications are an example of where a gap in a business’s security protocol could occur.

The good news is that some of the most common initial breaches can be prevented. When software providers are aware of any vulnerabilities, they often provide warnings and ‘patches’ to fix the issue. To manage risks, businesses should ensure that up-to-date patches are installed, review the completeness and accuracy of the applications being used, and assess whether the system could contain a threat to these applications. But these preventions are only effective if warnings are heeded. The “WannaCry” ransomware attack that hit the headlines earlier this year, for example, could have been avoided had the warnings Microsoft issued as early as 2015 been acted on.

Finally, hackers are persistent and use a mix of tools, so businesses must aim for a resilient system.

Beyond good visibility and knowledge of the system, good management of the software supply chain is important in limiting the risk of security breaches from any of the range of tools hackers use. Ensuring that the easy thing is the safe thing for your employees or end-users can be the best option. Businesses should think about how to protect the whole system, rather than just limiting risk at the point of the end user.

Thanks to our partner Tanium for facilitating the breakout session.