Thinking like your attacker
The slew of breaches that have littered the headlines over the past few years have shown that no company, no matter how much money they have spent on cyber security, is secure. At the same time, threats are growing increasingly sophisticated and complex, causing more and more damage to bottom lines and reputations alike.
Many security practitioners have likened the fight against cyber attackers to military combat. Concepts such as strategy, tactics and operations have been compared to strategies used to protect our most valuable information and assets. And, much like traditional warfare, cyber security has two components - an offensive and a defensive one. Each component can be used in specific situations.
Marc Silver, security manager at Discovery Holdings, will be discussing 'defensive InfoSec and why we need to think differently' during his presentation at the ITWeb Security Summit 2016, to be held at Vodaworld in Midrand from 17 to 19 May.
"I see information security as a multi-faceted discipline," he says. "On the one side we have people who focus on offensive information security, individuals who break systems, uncover exploits and suchlike. On the other side we have people responsible for defensive systems which include detection of breaches, mitigation of exploits and so on."
It is Silver's belief that it is important for defensive players to try and think differently about the approaches they take when looking at information security in general.
"It's important to understand the restrictions of the products in your environment and to understand that attackers are actively thinking of new ways to counteract those technologies. As such, we need to adapt in order to detect attackers. We need to think about new approaches to old problems."
He adds that in his view, security breaches from strong, focused attackers with large resources cannot be prevented. "This is why identification is absolutely crucial. It is this mindset that I will be covering in my talk. How we need to think like attackers when we defend.