Guest Blog by Zac Amos, Cyber Security Features Writer
Thinking like a hacker is the key to maximising network security. Many people approach cybersecurity from a defensive perspective, focusing on the strong points of their security strategy. Hackers recognise that every system, program, or device has some weak link. Security professionals should learn to think like them to find their networks’ hidden weaknesses.
The Attacker’s Perspective
Most people approach cybersecurity from a defence standpoint. They are thinking about how to keep people out, minimise access and lock down data. Flipping this perspective around can reveal weaknesses that would have otherwise gone unnoticed. These are the things hackers exploit when they break into victims’ networks.
The hacker looks for cracks, mistakes, weak links, and opportunities. Looking at things from an attacker’s perspective requires a hostile approach to network security. It’s natural to want to focus on what a strategy does well, but hackers will search for things it does poorly.
One crucial part of thinking like a hacker is looking for patterns. Cybercriminals often have a set of core strategies and tools they use to plan and launch attacks. Understanding them can help highlight the weaknesses someone would see when looking at the network. In fact, ethical or “white hat” hackers study common tools of the trade, such as Wireshark or Metasploit Framework, to counteract malicious hacking.
For instance, one of the most common tactics hackers use is exploiting a vulnerable low-level account and working their way up the access ladder. It doesn’t matter if there are strong password protocols and particularly well-protected high-level accounts because cybercriminals aren’t looking to break into those. Instead, they would take advantage of a lesser-protected low-level account.
Once inside, the hacker could grant that initial low-level account greater network access. From their perspective, the protocols for changing account access levels are more important than password protocols.
Leveraging Potential Weaknesses
The benefit of thinking like a hacker is leveraging the weaknesses they would exploit. Recognising what parts of a network will likely be targeted allows security professionals to strategically strengthen those areas. For instance, understanding the signs of a backdoor attack could result in stronger intrusion detection and prevention, which is a core part of network security.
This is why many former hackers make great security experts — they understand how to look for weaknesses in even the strongest defences. One weak link can bring down an entire network, even with robust security protocols.
Thinking Like a Hacker: A Basic Example
To illustrate this, imagine a basic school network security system. One of the main threats administrators might want to defend against are students trying to hack in to change their grades.
To combat this, they might require a high-level account or multifactor authentication from a teacher to change or update a grade. From the defender’s standpoint, this could seem secure — a student would need stolen credentials and a teacher or administrator’s phone to access grade data.
There’s a clear weakness a hacker would see here, though. What happens if a student steals a teacher’s phone? They might not even have to go that far. They could simply send the MFA security code request if they managed to crack a login credential combo. This would result in a text message with the code being sent to the teacher’s phone. The student would only need to glance at their teacher’s phone to see the notification with the code.
This basic example demonstrates the lengths security leaders have to go to today. Hackers are creative. Thinking about things from the attacker’s perspective can lead to more innovative, versatile security that anticipates people trying to break the rules.
Tips for Thinking Like a Hacker
How can security pros think like a hacker? It can be disorienting at first looking at security from an attack standpoint, but there are a few things to look for that would be crucial for a cybercriminal. For example, one of the most common tactics employed by hackers is creating backdoors. These private, easy-access gateways allow someone to come and go from a network as much as they need to. This is important for a successful attack since reconnaissance is often required in the early stages.
Knowing the signs of a backdoor can help security pros detect and stop them. For example, many hackers use legitimate programs to get malware into victims’ computers. This was how the NotPetya malware infected thousands of devices in 2017. Hackers are counting on network administrators failing to notice a “legitimate” program running in the background. Security pros can leverage that knowledge and employ tactics to combat backdoors, such as zero-trust policies for all apps.
An important part of thinking like a hacker is being honest about recognising weaknesses. It isn’t personal, but employees are frequently the source of cyberattacks. Hackers heavily target them because they are highly likely to have poor security practices or fall victim to social engineering. Thinking like a hacker requires security leaders to acknowledge weaknesses like this and work to reduce those risks.
Finally, it is also worth hiring a professional ethical hacker. These are people who have first-hand experience in hacking. They think like cybercriminals but use their knowledge and perspective for good rather than crime. A white hat hacker can provide guidance and help with key security measures, such as penetration testing.
Thinking Like a Hacker to Stop Them
Anyone can use the hacker’s perspective to strengthen their cybersecurity, from individuals to professional network administrators. Cybercriminals look at systems with an eye for weaknesses, flaws and vulnerabilities. They recognise that even the strongest defences usually have a weak link. By employing this perspective, security experts can identify their own weak links and leverage that knowledge to keep hackers out.