Time to Hire [Ethical] Mr. Robot?
It is virtually impossible to go through a day without hearing about another organization who has been the victim of a cyber attack. Most recently, or at least most publicized, is the hack of the Democratic National Committee. Just a few weeks ago, the Library of Congress was hit hard by a Distributed Denial of Service (DDoS) attack that shut down their website for three days. Experts are issuing warnings regarding hacking threats at the Rio Olympics that started this week. Everyone has a target on their back (albeit some larger than others) – no industry is immune.
It can be overwhelming to many businesses, especially small and mid-sized, to implement policies and solutions to help prevent these type of attacks from affecting their organization. While some cybersecurity companies advertise a silver-bullet solution that guarantees 100% protection (news-flash: it doesn’t exist), we at DGS recommend a comprehensive risk management program, one that identifies potential vulnerabilities that could be exploited. Put another way – you need to think like a hacker.
Enter Elliot Alderson. Elliot is a cybersecurity engineer (on the hit show, Mr. Robot) that works for a small cybersecurity firm. The firm has been hired to both prevent and mitigate cyber-attacks. It becomes apparent fairly quickly that Elliot is one of the most talented individuals on the team. It also becomes apparent that the reason he is so good at preventing hackers from doing more damage, is the fact that he himself is a vigilante hacker. Obviously, we are not endorsing this, but the key takeaway here is that thinking like a hacker can help you prevent future attacks.
As mentioned earlier, DGS recommends the establishment of a risk management program, and as part of that, ethical hacking. Ethical hacking (EH) is an attempt to circumvent an organization’s security infrastructure in a controlled manner. In short, it is the process of examining an organization’s network the same way an adversary might examine it. It follows the same methodology an attacker would follow – target reconnaissance, scanning, gaining access (and escalating privileges), and maintaining access. Like adversaries, ethical hackers attempt to evade detection by the organization; however, they work with the organization in order to improve protection and detection capabilities. Ethical hacking will allow you to see your network from the perspective of an attacker, thus allowing you identify unknown vulnerabilities as well as any weaknesses in your policies, processes, and procedures. Also, EH may identify unknown services or systems on your network that were previously installed and forgotten about.
DGS maintains a deep bench of Certified Ethical Hackers, and has provided vulnerability scans and participated on Red Teams for our clients. Our Ethical Hacking Division will assist you with an EH engagement that will replicate the tactics and procedures of your identified threats, as we attempt to identify and exploit both known and unknown vulnerabilities. For more information on DGS, or to request a White Paper on Ethical Hacking, please contact us at firstname.lastname@example.org.