Earlier this morning I was having another very interesting conversation with the same person as a month ago. This time the conversation centered around the topic of hackers and their motivations.
The way I see it, adversaries have one of two reasons to do what they do: money or ideology. Sure, there are more, but it comes down to these two. I mean, they want either the data you have (for money or political reasons) or to bring you down (for money or political reasons). That's the thick of it.
People overcomplicate the security world, in my opinion. Adversaries are simple. They might do complex things, they might utilize complex technologies and launch complex attacks, but they are simple and goal-driven. They know what they want and they always find the easiest, simplest way to achieve it.
A good adversary doesn't look at your digital footprint alone. No. She looks at your physical footprint too and, more importantly, your social footprint. Yes, people. People are the main reason in the majority of the latest breaches. Exploit the people and you will be able to exploit either the digital or physical worlds as well. Or both.
You cannot simply continue to add more firewalls, more stupid antiviruses, more IDS's and IPS's, more SIEM technology and security aggregation. You can't just throw money at the problem and hope it will go away. It will not.
The perimeter is no longer the focus; you can't just continue to think in 1990s terms. The adversary has shown you repeatedly that it doesn't matter how tight the perimeter is, they will get in. Stop thinking like this.
Start thinking like the adversary. Start Red Teaming yourself.
The security industry is becoming stagnant. New products appear, yes, new technology makes it possible to monitor and detect intrusions and malicious activities inside your systems and networks... But, isn't that already too late? I mean, the adversary is already in.
Rule 31: “Bad guys attack, and good guys react” is not a viable security strategy.
All this new technology is good, it helps, but how about you have some forward thinking? How about you begin to understand the adversary instead? How about you begin to look at yourself from their side of the fence: what do they see? What sticks out? What can be exploited?
Looking at yourself from an attacker's side, Red Teaming yourself, is a good strategy. Knowing what might come next will help you prepare better. And guess what? If you are better prepared, chances are that those adversaries that see you as a target of opportunity might go somewhere else, somewhere where people are unprepared... Preemptive security works, both in the digital and physical security worlds.
Begin to think like a Red Teamer. Like an adversary. See it like they do.