Best protection depends on walking a mile in hacker's shoes

Knowing thy enemy can be as important in defending an organization against cyber intruders as studying their tools and tactics, say security experts interviewed by CSOonline.

While many defenders spend much of their time analyzing tools and tactics of their adversaries, getting into the head of potential intruders and determining how they’re motivated can tip defenders off to an attack as surely as a tell will tip off the good hand of a gambler.

“You can’t defend against everything,” Gidi Cohen, CEO of Skybox Security, said in an interview. “The attack surface is like a balloon and as time goes on, the balloon is getting bigger and bigger because endpoints keep expanding.”

“Knowing your adversary allows you to narrow down your focus on the assets which are the likely target of an attack,” Cohen added.

In any adversarial situation, getting under an opponent’s hat is important to getting the upper hand, maintained Nick Levay, CSO of Bit9.

“One of the most misunderstood words in the English language is empathy,” Levay said. “When people say it, they’re often talking about the warm, fuzzy feelings their loved ones are feeling.”

“In reality,” he continued, “empathy is one of the things that’s necessary in any adversarial engagement. You have to understand how your adversary thinks so you can figure out how they’re going to come at you.”

Knowing your adversary is more than knowing what thinking is behind their actions. It’s also knowing their technological capabilities.

“Is your adversary capable of developing their own malicious code or are they going to use the malicious tool set of others?” said Jim Butterworth, chief security officer for HBGary.

That can determine whether traditional defense tools — like antivirus and incursion detection programs — will be adequate to foil an adversary or something more will be needed.

It can also help a company identify what an adversary wants and set about protecting it. “A company must identify its crown jewels and then spend all their efforts protecting those crown jewels,” Butterworth said.

Timing can be an important element in identifying the motives of intruders, noted Alex Lanstein, systems architect for the FireEye Network.

“By tracking the timing of attackers over months or years, you can start to figure out if they are after quarterly earnings reports, information about M&A you just announced, information about a conference presentation, etc.,” Lanstein said.

“When you know what they’re after you can add more monitoring of data access and general fortification of the systems that protect or access that data,” he added.

A report by HP Security Research issued last week also notes that understanding your adversary and their motivations can be a valuable asset for a company.

“Assessing the theater of operation from their perspective rather than limiting it to your own can provide tremendous insights,” the report said. “How an attack against your organization will materialize is directly related to the attacker’s motivations.”

“An attack can be viewed in different ways based on the motivations of the attacker,” it continued. “If you understand what you are looking for, you will be able to tailor your defenses.”

Tailoring defenses can be very important for budget-conscious security pros.

“I have yet to meet anyone with too many resources so allocating these scarce resources in the most efficient way is very important,” HP intelligence analyst Jason Lancaster said.

“Simply making those decisions based on audit findings and compliance requirements may not be enough,” Lancaster added.