The Eternal Sunshine of the Criminal Mind
madhav
Tue, 07/18/2023 – 04:29
Everyone who works in cybersecurity or IT knows the frustration of dealing with relentlessly creative threat actors. Every day, it seems, breaking industry news reveals another story about how a criminal gang or hacker penetrated a website, database, or device by reverse engineering its defences, discovering a weakness, or using a feature or tool in a way other than what it was intended for. From SQL injection, to code hidden inside digital images, to convincing AI-based GPT technologies to step around their own strict rules of behaviour, these people seem to have levels of ingenuity and energy that far surpass those of ordinary people.
How can we get a piece of that? Why does it seem that threat actors have the advantage in this war? Or is such an assessment even accurate?
The fact is, despite their cleverness in finding workarounds and vulnerabilities, it is still easier to break something than to build something. They need only find that one thing. Those who develop software or design devices from the ground up are just as intelligent and driven, but they must deal with design issues, quality assurance, shift-left/continuous testing, deadlines, and budgets, and still produce a viable product. They hire pen testers and ethical hackers to help locate those flaws. They pay bug bounties, and they relentlessly seek to improve their products with new iterations and upgrades.
Yet it is the hackers who get the media attention, and often the reward, for spotting a weakness hidden deep inside code or a machine.
Proactivity means challenging the norms
Proactive security, defence in depth, zero trust – these are all practices that developers and organizations must embrace and practice continually. But much of what makes for secure borders comes from practices rooted in human factors. It is based on psychology and physiology. It’s about trust and errors. For example, a person who walks into a place of business, like a bank or an office tower, and w
[…]