The cybersecurity industry is confronting a growing threat to small and medium enterprises. This sector is increasingly targeted by hackers precisely because it doesn’t have big budgets or legions of security analysts to protect it, unlike big companies that are more aware of the danger, better financially secured, and much better protected.
Two out of five VSE-SMEs have already been victims of computer attacks or attempted attacks. Phishing, spyware, ransomware, malware, CEO fraud to steal confidential data or extort funds: every method of attack is fair game in this activity, whose favorable benefit/effort ratio attracts many newcomers.
However, despite being bombarded with reports from the media or from other entrepreneurs who have been victims of cyberattacks, many SME leaders unfortunately fail to ensure their cybersecurity. The prevailing view is that a cyberattack “probably won’t happen to me.”
Many SMBs mistakenly believe that hackers only attack systems owned by the “big guys”. In fact, many of the headline-making attacks against industry heavyweights were carried out by hackers using SMB IT tools as entry points.
Their fragility makes them favored targets for a large number of hackers, because even the least gifted of them can cause harm. The vast majority of cyberattacks are unpredictable and often depend on random circumstances such as the computer model or software version being used. Sophisticated analysis tools are readily available on the dark web and hacker forums. They allow anyone to quickly scan the Internet looking for signs of vulnerability and then target them with laser precision.
This is what makes SMEs attractive to a hacker: easy to get into, often with little or no security, they are a wide-open door for bypassing the security measures of the large companies they do business with. SMEs are also targets in their own right: they are easy to attack and willing to pay because they see themselves as vulnerable to cybercrime.
In a sense, a ripe fruit that just needs to be plucked!
New paradigm: act before you react, act before you suffer
The balance of power in cyberspace is constantly shifting in a virtual game of cat and mouse. Hackers exploit hardware and software, and researchers are constantly trying to find ways to “fix” or close the same vulnerabilities. No matter how high the defensive walls are, hackers are constantly finding new ways to bypass them.
This new reality is partly due to the fact that black hat hackers, who usually work alone or in informal collaboration, are flexible and able to act much faster than their counterparts: corporate security systems that typically rely on a reactive “monitor, detect, respond” strategy. These systems often suffer from over-reliance on sophisticated monitoring and warning technologies, resulting in long delays in detection.
Two logics collide here, and one, by its nature, always lags behind the other: hackers look for and discover flaws that they then exploit, and researchers try to eliminate these very flaws. The researchers are therefore always one step behind in this race against an agile, unpredictable and very often terribly effective opponent.
This situation should now prompt a change in the mental basis of cybersecurity. Cybersecurity must stop chasing hackers to repair the damage they have caused, and become a tool for monitoring and real-time detection of both system vulnerabilities and hacker activity. Act before the attacks deal massive damage. There are solutions for this: online vulnerability scanners that can detect weaknesses in the infrastructure without interruption, assessment of the cyber maturity of companies, cybersecurity training, a self-hacking system to measure system resilience, etc.
As with most security-related topics, the best defense is usually to have good offensive ability and good planning. This is the only way to stop suffering and regain control of your cybersecurity, and ultimately to send hackers off in search of an easier-to-penetrate target.
Thus, we must stop being reactive in order to become active. There is an urgent need to embrace this new paradigm that will allow us to abandon the victim logic that has dominated this field for too long: act before you suffer.
Once we come to terms with the idea that our systems have probably already been or will be attacked, we can take active steps beyond traditional thinking to embrace the new paradigm. This way of accepting the reality of risk is a crucial step for each of us to understand the terms of the “new normal” represented by these advanced threats. To come to this conclusion is not an admission of failure, but rather a recognition of the magnitude of the changes that have taken place in the world around us.
Think like a hacker
Obviously, the traditional perimeter solutions that cybersecurity has relied on for years have gradually lost their effectiveness, because hackers are able to methodically use every opportunity presented to them. Once the attack has taken place (and we know it has always happened), it is too late to start taking the security of our businesses and institutions, no matter their size, seriously. This truth now organizes the realm of cybersecurity and distributes cyber risk.
In this global redefinition of what cybersecurity is, it’s important to understand how hackers themselves work and draw inspiration from them in order to be able to secure IT infrastructures and keep companies resilient.
Moreover, it is necessary to understand the mindset of hackers. In any strategy, it is good to understand how the opponent’s mind works. And because hacker logic works so well, it needs to be used. As in aikido, where we use the strength of the enemy to defeat him, we must use the strength and dexterity of the hackers to turn them against themselves. Now we must think and act like a hacker (and use his methods), but with a different, benevolent state of mind. This is what white hat hackers teach, those ethical hackers who put their destructive knowledge at the service of cybersecurity.
So once the hackers are hacked, cyber security will take a big step forward.