Real Hackers Reveal How to Protect Your Business From Cyber Attack

By Kayla Matthews

Most security and cybersecurity reports look at things from a single perspective: that of the business and administration world. Generally, the information all comes from the same sources as well, with quotes from analysts and researchers.

But what of the people driving attacks on security systems? What of the developers who build powerful security measures to keep hackers out? Basically, what about the people who actually have experience with this sort of thing?

That’s the idea behind The Black Report, a survey that polled hackers attending the Black Hat and DEFCON 2016 events in Las Vegas.

The survey was administered by Nuix, and the company’s CISO, Chris Pogue, had this to say: "Research [turned out to be] quite contrary to the conventional understanding of cybersecurity."

In other words, some of the elements and aspects of cybersecurity that seem so important are nothing more than smoke and mirrors to skilled hackers. It’s definitely scary to hear, but it also shows how out of touch admins in the cybersecurity space may be with those actually perpetrating these attacks.

What did The Black Report uncover?

Pogue writes, “Some countermeasures that you think will stop an attacker won't even slow them down.” To be honest, that doesn’t really come as a surprise considering the speed and timing of some of these attacks.

Interestingly enough, Pogue also says, “Other defensive techniques that you think are totally arbitrary actually have a tremendous impact on your defensive posture.”

His take on all this? "We found that unequivocally, perception and reality are in desperate need of realignment."

It would seem that many in the cybersecurity space are focused on elements that have no bearing on potential attacks. However, security measures that aren’t given much attention do indeed prevent a lot of attacks.

Isn’t that something?

It’s about time that this kind of thing was approached from a different perspective. With so many high-profile breaches happening across the board, it’s clear we all need to be much better about locking down our data and digital identities. In fact, one of the biggest attacks that happened in 2015 compromised over 57 million people. We didn’t even hear about it until it was too late, and hackers put the stolen data up for sale on the dark web.

A common misconception is that hackers largely attack businesses and servers directly. While that may be true in some cases, it’s not actually how most get into a system or account.

One of the most common methods of attack involves phishing. It’s actually a simple form of fraud where a hacker creates a clone portal—whether that be through email or a website—that looks authentic. Then people enter their login credentials, account information, or personal data thinking it’s a legit source. This obviously leads to the attacker collecting those details and using them against you. These people are essentially handing hackers the keys to their home and saying, “Come on in.”

How to improve cybersecurity for your business

There is a huge abundance of overconfidence among most users and employees. These are people who believe they know how to protect themselves and take the appropriate precautions to do so. In reality, 78% of people claim they are aware of the risks from following unknown links in emails, yet they still click anyway. Let’s repeat that: They still click anyway.

This simple anecdote serves as a near perfect microcosm of the larger problem with digital security in general. That is, consumers and business professionals alike are aware of the potential threats to their digital security but, in many cases, don't act in a way that makes use of this important knowledge.

Case in point: More than half of the organizations that suffered successful cyber attacks on their systems sometime in 2016 have said that they will not be making any changes to their security in 2017. Wait, what?

So, looking at this from both angles, we can see there’s a great deal of overconfidence in our digital security. Not to mention, there’s a pattern of naivety and ignorance here that is astounding.

Get up close and personal with your cybersecurity

You absolutely must be involved with cybersecurity on a personal level, and you must take every opportunity to protect yourself and your data. To do that, it means educating yourself on the risks and dangers of the greater web. What is phishing? What is malware? Where do viruses come from? How can I prevent these things from harming my data?

These all seem like simple questions, but they lie at the heart of digital security. To protect yourself, you must understand these concepts, and you must also understand how to avoid them. More importantly, you must know how to identify them if and when you do come face to face with them.

Want the tall and skinny of improving cybersecurity for your business? Start educating yourself and your team on the importance of protecting any and all data. Shed any confidence you have in your security measures or personal decisions. Your passwords aren’t safe. Your account names are likely compromised. Your email address is publicly available. Who knows how many times your personal information has been shared online?

Get serious, and realize there’s a huge problem with digital security. Then—and only then—can you begin to improve cybersecurity for your business, team, and even in your personal life.