Best protection depends on walking a mile in hacker's shoes

Knowing thy enemy can be as important in defending an organization against cyber intruders as studying their tools and tactics, say security experts interviewed by CSOonline.

While many defenders spend much of their time analyzing the tools and tactics of their adversaries, getting into the head of potential intruders and determining how they’re motivated can tip defenders off to an attack as surely as a tell will tip off the good hand of a gambler.

“You can’t defend against everything,” Gidi Cohen, CEO of Skybox Security, said in an interview. “The attack surface is like a balloon and as time goes on, the balloon is getting bigger and bigger because endpoints keep expanding.”

“Knowing your adversary allows you to narrow down your focus on the assets which are the likely target of an attack,” Cohen added.

In any adversarial situation, getting under an opponent’s hat is important to getting the upper hand, maintained Nick Levay, CSO of Bit9.

“One of the most misunderstood words in the English language is empathy,” Levay said. “When people say it, they’re often talking about the warm, fuzzy feelings their loved ones are feeling.”

“In reality,” he continued, “empathy is one of the things that’s necessary in any adversarial engagement. You have to understand how your adversary thinks so you can figure out how they’re going to come at you.”

Knowing your adversary means more than knowing the thinking behind their actions. It also means knowing their technological capabilities.
“Is your adversary capable of developing their own malicious code or are they going to use the malicious tool set of others?” said Jim Butterworth, chief security officer for HBGary.

That can determine whether traditional defense tools — like antivirus and incursion detection programs — will be adequate to foil an adversary or something more will be needed.

It can also help a company identify what an adversary wants and set about protecting it. “A company must identify its crown jewels and then spend all their efforts protecting those crown jewels,” Butterworth said.

Timing can be an important element in identifying the motives of intruders, noted Alex Lanstein, systems architect for the FireEye Network.

“By tracking the timing of attackers over months or years, you can start to figure out if they are after quarterly earnings reports, information about M&A you just announced, information about a conference presentation, etc.,” Lanstein said.

“When you know what they’re after you can add more monitoring of data access and general fortification of the systems that protect or access that data,” he added.

A report by HP Security Research issued last week also notes that understanding your adversary and their motivations can be a valuable asset for a company.

“Assessing the theater of operation from their perspective rather than limiting it to your own can provide tremendous insights,” the report said. “How an attack against your organization will materialize is directly related to the attacker’s motivations.”

“An attack can be viewed in different ways based on the motivations of the attacker,” it continued. “If you understand what you are looking for, you will be able to tailor your defenses.”

Tailoring defenses can be very important for budget-conscious security pros.
“I have yet to meet anyone with too many resources so allocating these scarce resources in the most efficient way is very important,” HP intelligence analyst Jason Lancaster said. “Simply making those decisions based on audit findings and compliance requirements may not be enough,” Lancaster added.