TO STAY AHEAD OF THE BAD ACTORS, THINK LIKE A CRIMINAL.

TO STAY AHEAD OF THE BAD ACTORS,THINK LIKE A CRIMINAL.

Want to stay one step ahead of a cybercriminal? Think like one.

Cybersecurity experts say companies must expand beyond a defensive strategy of building stronger locks and higher walls to a proactive “know thy enemy” approach. That may even include monitoring online hangouts of cybercriminals to learn the latest attack techniques.

95% OF CIOS EXPECT CYBER THREATS TO INCREASE OVER THE NEXT THREE YEARS. Source: Arctic Wolf. Security Operations Solutions for Financial Institutions, 2021.

Cyber threats are everywhere, fueled by increasingly bold and dangerous criminals. What’s more, automated attacks are proliferating, propelled by artificial intelligence and other new technologies. 

And it may get worse: 95% of CIOs expect cyber threats to increase over the next three years, according to a recent report from Arctic Wolf.

Talent is in short supply.

Intensifying this urgency is a shortage of cybersecurity personnel. The cybersecurity workforce shortage is at record levels—nearly 4 million worldwide, according to the latest Cybersecurity Workforce Study from ISC2. And budget cuts, layoffs, and hiring freezes have made things even harder on staff already stretched thin. 

Businesses cannot afford to be passive or work alone. A successful strategy takes ongoing learning, collaboration, and unconventional thinking. It’s not simply a matter of working harder, but working smarter—including staying informed about the latest strategies and techniques used by the bad guys.

Getting executive buy-in.

$2MM THE AVERAGE COST OF A RANSOMWARE ATTACK. Source: CIO. The changing face of cybersecurity threats in 2023, 2023.

“Educate the C-suite and... tie it directly back to how this will affect the business.”

Clarence Foster, Business Information Security Officer, T-Mobile for Business

First, plan and protect.

As any hard-boiled TV detective can tell you, committing a crime requires motive, such as financial gain or revenge, and means, that is, tools and capabilities. It also requires opportunity, like a breach or soft spot in defenses. That’s why security experts say that any strong cyber defense must begin with a philosophy of continuous improvement, informed by awareness of the latest modes of attack. When it comes to cybersecurity, set it and forget it won’t cut it.

“When it comes to cybersecurity, set it and forget it won’t cut it.”

Clarence Foster, Business Information Security Officer, T-Mobile for Business

A potent cyber defense starts with a plan. You can begin by using the cybersecurity framework created by the National Institute of Standards and Technology, NIST. It’s a comprehensive set of standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk. Aligning with its practices also fosters communication about risks and cybersecurity management among internal and external stakeholders.

These efforts include stepping up incident response readiness and proactive planning. One effective initiative at T-Mobile has been its Bug Bounty program, in which individuals receive recognition and compensation for reporting technical bugs—especially those about potential security exploits and vulnerabilities.

“They show where our vulnerabilities are,” says Mike Bossi, Senior Security Engineer at T-Mobile for Business. “This has helped us be more proactive. We can then take immediate action with a partner who is on our side and not trying to hurt us.”

Many companies also pressure test their incident response preparedness through tabletop exercises, which simulate security incidents to learn how resilient the company is to cyberattacks and practice their response in a safe environment. These drills can reveal places where incident response planning still needs work and provide the necessary hands-on training to respond quickly and effectively.

“This thinking exercise helps companies look at gaps and create a step-by-step plan to update their security playbook,” says Foster.

Know what you’re dealing with.

Gathering intelligence on how cybercriminals operate and learning the latest attack techniques is an innovative way to fight back. The tricky part is that the bad guys often hang out in private spaces like Discord messaging channels, private Facebook groups, and the so-called Dark Web.

“[Bug bounties] helped us be more proactive. We can take immediate action.”

Mike Bossi, Business Information Security Officer, T-Mobile for Business

But there are opportunities. The Telegram messaging app, for instance, is becoming a cyber criminal’s go-to assistant for various cyberattacks. Group messages on the platform are not encrypted by default, and many channels are used by criminals.

There are ripe opportunities to learn about attack methods and activity, as well as identify organizations being targeted and understand where to find compromises such as insider threats. To gather such intelligence, T-Mobile monitors Telegram regularly.

PROPER CYBER HYGIENE REMOVES 99% OF THE RISKS

“It’s helped us to figure out who’s doing what and how they’re doing it,” Bossi says. It’s part of efforts to continually adapt the cybersecurity playbook with proactive threat detection.

Adopting a mindset of continuous vulnerability assessment, for instance, prompts a cybersecurity team to monitor networks and systems for vulnerabilities using automated tools for threat detection and response. In this effort, log management tools are essential for real-time monitoring, analysis, and contextual awareness of security-related events.  

“If you maintain proper cyber hygiene,’’ Foster says, “you’ll get rid of 99% of the risks.”

The takeaways.

No matter how innovative or focused your organization, cybercrime can be a roadblock to success. The attack surface is dynamic, continually evolving with changes in technology and business processes.

In short, these cybersecurity elements are essential:

Continuously improve.

Continuously improve.

Adopt a philosophy of continuous improvement, using NIST guidelines. “You’re constantly iterating and updating,” says Bossi.

Get buy-in from senior leaders.

Get buy-in from senior leaders.

Get buy-in from senior leaders, appealing to business outcomes/impacts and backing it up using trusted tools and standardization.

Take a proactive approach.

Take a proactive approach.

Take a proactive approach. Continually test your team to identify and fix any cracks. Fortify the business and help the company prepare so that the business is ready when threats occur.

Adapt your protection and response.

Adapt your protection and response.

Continue to adapt your protection and response playbook. We recommend a Cybersecurity Maturity Model. Such a model enables your organization to assess its progress periodically.

Can’t initially accomplish all your security goals? Ladder up, completing one at a time, improving as you go. By following these best practices and trying to understand the mindset of your attacker, you can gain a deeper understanding of your vulnerabilities and take proactive steps to reduce the risk of cyber threats.

Security is not a reaction to threats. It is the anticipation and diminishment of a threat—a big part of which is understanding the thinking and tactics of cybercriminals. Security happens when the proper resources are proactively aligned to protect your company and data.

More resources.

A professional works on a tablet with modern office towers in her background.

Increase security where you work: new defensive strategies.

Remote and mobile workers are exposed to new and worrisome cybersecurity risks. The latest tools and policies can help protect your on-the-go team.

A professional holds a laptop and points at the screen to show it to his coworker.

Taking action before cyberattacks happen.

Strong passwords aren't enough to fend off dangerous security threats. You need robust authentication and multi-layered defenses.

Count on our security solutions to safeguard your business.