In order to proactively address security gaps, and raise the bar in your defense, you need to first understand who is coming after you. It is critical to understand how they think and plan.
A big part of this understanding, is the knowledge that, to prevent you first need to understand what you are trying to secure.
Take a look at your adversaries, create a theoretical profile, and then take it to the field. Look at yourself as a target and how, based on the adversaries you just profiled, things can be exploited and manipulated. Figure out what you would do as a bad guy.
Take the adversarial approach of thinking.
Without doing this, security makes no sense because you don’t understand the adversary. You are left only with reactive measures. And reactive measures will only take you so far. When stressed and pushed to the limits, as they often are, reactive defensive measures just crumble under the weight of a real attack.
Become resilient, be prepared, and proactively understand who is coming after you.
Note: this article first appeared in the Advanced Capabilities Group blog