Availability: To improve cybersecurity, think like a hacker

To improve cybersecurity, think like a hacker:

In the past several years, the list of companies whose internal systems have been hacked has grown rapidly. It now includes such high-profile businesses as Target, JPMorgan Chase, Home Depot, Sony Pictures, Ashley Madison, and Yahoo. No industry appears to be safe from attacks. Unfortunately, the au...

Full description

Saved in:

Bibliographic Details
Main Authors:	Esteves, José 1970- (Author), Ramalho, Elisabete (Author), Haro, Guillermo de (Author)
Format:	Electronic eBook
Language:	English
Published:	[Cambridge, Massachusetts] MIT Sloan Management Review 2017
Subjects:	Computer security Cyber intelligence (Computer security) Sécurité informatique Surveillance des menaces informatiques
Links:	https://learning.oreilly.com/library/view/-/53863MIT58314/?ar
Summary:	In the past several years, the list of companies whose internal systems have been hacked has grown rapidly. It now includes such high-profile businesses as Target, JPMorgan Chase, Home Depot, Sony Pictures, Ashley Madison, and Yahoo. No industry appears to be safe from attacks. Unfortunately, the authors say, investment in security measures is only part of the answer; traditional methodologies can only do so much. To be effective, managers in charge of cybersecurity need to adjust their mindsets and become as open and adaptive as possible. In this article, the authors present a framework drawn from the knowledge and opinions of experts, including interviews with more than 20 experienced hackers. As the authors explain, hackers have two different mindsets depending on the stage of the attack: explorative and exploitative. An exploration mindset used in the early stages of an attack combines deliberate and intuitive thinking and relies on intensive experimentation. Once access to a system is gained, hackers adopt an exploitation mindset. An attack typically involves four steps: Step 1: Identifying Vulnerabilities If hackers think your company is worth attacking, they will examine it thoroughly for weaknesses, surveying the network information, organizational information, and security policies. Companies can protect themselves by adopting an iterative and adaptive process and making a point of conducting a high-level "footprint" of their systems on a regular basis. They should also make sure that employees are well informed on policies regarding sharing of information. Step 2: Scanning and Testing After a hacker has broken into your network, weaknesses in the applications running on those systems could become avenues for further unauthorized access. To protect your company, examine your network and identify potential weaknesses. Step 3: Gaining Access Hackers often play on both sophisticated technical knowledge and social skills to breach company security. Companies need to consider how a hacker could gain access to their systems. Step 4: Maintaining Access Hackers try to retain their "ownership" of the system and access for future attacks. Organizations need to remain vigilant for suspicious activity in system logs and to ensure that monitoring systems are always up to date. "Cybersecurity is a game of cat and mouse in which the cat always makes the first move," the authors write. The more you can think like a hacker, the better able you will ...
Item Description:	"Reprint #58314.". - Includes bibliographical references. - Online resource; title from cover (Safari, viewed April 21, 2017)
Physical Description:	1 Online-Ressource (1 volume) illustrations

Staff View

MARC


LEADER	00000cam a22000002 4500
001	ZDB-30-ORH-047384794
003	DE-627-1
005	20240228120253.0
007	cr uuu---uuuuu
008	191023s2017 xx \|\|\|\|\|o 00\| \|\|eng c
035			\|a (DE-627-1)047384794
035			\|a (DE-599)KEP047384794
035			\|a (ORHE)53863MIT58314
035			\|a (DE-627-1)047384794
040			\|a DE-627 \|b ger \|c DE-627 \|e rda
041			\|a eng
100	1		\|a Esteves, José \|d 1970- \|e VerfasserIn \|4 aut
245	1	0	\|a To improve cybersecurity, think like a hacker \|c José Esteves, Elisabete Ramalho, Guillermo de Haro
264		1	\|a [Cambridge, Massachusetts] \|b MIT Sloan Management Review \|c 2017
300			\|a 1 Online-Ressource (1 volume) \|b illustrations
336			\|a Text \|b txt \|2 rdacontent
337			\|a Computermedien \|b c \|2 rdamedia
338			\|a Online-Ressource \|b cr \|2 rdacarrier
500			\|a "Reprint #58314.". - Includes bibliographical references. - Online resource; title from cover (Safari, viewed April 21, 2017)
520			\|a In the past several years, the list of companies whose internal systems have been hacked has grown rapidly. It now includes such high-profile businesses as Target, JPMorgan Chase, Home Depot, Sony Pictures, Ashley Madison, and Yahoo. No industry appears to be safe from attacks. Unfortunately, the authors say, investment in security measures is only part of the answer; traditional methodologies can only do so much. To be effective, managers in charge of cybersecurity need to adjust their mindsets and become as open and adaptive as possible. In this article, the authors present a framework drawn from the knowledge and opinions of experts, including interviews with more than 20 experienced hackers. As the authors explain, hackers have two different mindsets depending on the stage of the attack: explorative and exploitative. An exploration mindset used in the early stages of an attack combines deliberate and intuitive thinking and relies on intensive experimentation. Once access to a system is gained, hackers adopt an exploitation mindset. An attack typically involves four steps: Step 1: Identifying Vulnerabilities If hackers think your company is worth attacking, they will examine it thoroughly for weaknesses, surveying the network information, organizational information, and security policies. Companies can protect themselves by adopting an iterative and adaptive process and making a point of conducting a high-level "footprint" of their systems on a regular basis. They should also make sure that employees are well informed on policies regarding sharing of information. Step 2: Scanning and Testing After a hacker has broken into your network, weaknesses in the applications running on those systems could become avenues for further unauthorized access. To protect your company, examine your network and identify potential weaknesses. Step 3: Gaining Access Hackers often play on both sophisticated technical knowledge and social skills to breach company security. Companies need to consider how a hacker could gain access to their systems. Step 4: Maintaining Access Hackers try to retain their "ownership" of the system and access for future attacks. Organizations need to remain vigilant for suspicious activity in system logs and to ensure that monitoring systems are always up to date. "Cybersecurity is a game of cat and mouse in which the cat always makes the first move," the authors write. The more you can think like a hacker, the better able you will ...
650		0	\|a Computer security
650		0	\|a Cyber intelligence (Computer security)
650		4	\|a Sécurité informatique
650		4	\|a Surveillance des menaces informatiques
650		4	\|a Computer security
650		4	\|a Cyber intelligence (Computer security)
700	1		\|a Ramalho, Elisabete \|e VerfasserIn \|4 aut
700	1		\|a Haro, Guillermo de \|e VerfasserIn \|4 aut
966	4	0	\|l DE-91 \|p ZDB-30-ORH \|q TUM_PDA_ORH \|u https://learning.oreilly.com/library/view/-/53863MIT58314/?ar \|m X:ORHE \|x Aggregator \|z lizenzpflichtig \|3 Volltext
912			\|a ZDB-30-ORH
912			\|a ZDB-30-ORH
951			\|a BO
912			\|a ZDB-30-ORH
049			\|a DE-91

Record in the Search Index

DE-BY-TUM_katkey	ZDB-30-ORH-047384794
_version_	1821494913827602432
adam_text
any_adam_object
author	Esteves, José 1970- Ramalho, Elisabete Haro, Guillermo de
author_facet	Esteves, José 1970- Ramalho, Elisabete Haro, Guillermo de
author_role	aut aut aut
author_sort	Esteves, José 1970-
author_variant	j e je e r er g d h gd gdh
building	Verbundindex
bvnumber	localTUM
collection	ZDB-30-ORH
ctrlnum	(DE-627-1)047384794 (DE-599)KEP047384794 (ORHE)53863MIT58314
format	Electronic eBook
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>04043cam a22004092 4500</leader><controlfield tag="001">ZDB-30-ORH-047384794</controlfield><controlfield tag="003">DE-627-1</controlfield><controlfield tag="005">20240228120253.0</controlfield><controlfield tag="007">cr uuu---uuuuu</controlfield><controlfield tag="008">191023s2017 xx \|\|\|\|\|o 00\| \|\|eng c</controlfield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-627-1)047384794</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)KEP047384794</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(ORHE)53863MIT58314</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-627-1)047384794</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-627</subfield><subfield code="b">ger</subfield><subfield code="c">DE-627</subfield><subfield code="e">rda</subfield></datafield><datafield tag="041" ind1=" " ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Esteves, José</subfield><subfield code="d">1970-</subfield><subfield code="e">VerfasserIn</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">To improve cybersecurity, think like a hacker</subfield><subfield code="c">José Esteves, Elisabete Ramalho, Guillermo de Haro</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">[Cambridge, Massachusetts]</subfield><subfield code="b">MIT Sloan Management Review</subfield><subfield code="c">2017</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 Online-Ressource (1 volume)</subfield><subfield code="b">illustrations</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">Text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">Computermedien</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">Online-Ressource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">"Reprint #58314.". - Includes bibliographical references. - Online resource; title from cover (Safari, viewed April 21, 2017)</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">In the past several years, the list of companies whose internal systems have been hacked has grown rapidly. It now includes such high-profile businesses as Target, JPMorgan Chase, Home Depot, Sony Pictures, Ashley Madison, and Yahoo. No industry appears to be safe from attacks. Unfortunately, the authors say, investment in security measures is only part of the answer; traditional methodologies can only do so much. To be effective, managers in charge of cybersecurity need to adjust their mindsets and become as open and adaptive as possible. In this article, the authors present a framework drawn from the knowledge and opinions of experts, including interviews with more than 20 experienced hackers. As the authors explain, hackers have two different mindsets depending on the stage of the attack: explorative and exploitative. An exploration mindset used in the early stages of an attack combines deliberate and intuitive thinking and relies on intensive experimentation. Once access to a system is gained, hackers adopt an exploitation mindset. An attack typically involves four steps: Step 1: Identifying Vulnerabilities If hackers think your company is worth attacking, they will examine it thoroughly for weaknesses, surveying the network information, organizational information, and security policies. Companies can protect themselves by adopting an iterative and adaptive process and making a point of conducting a high-level "footprint" of their systems on a regular basis. They should also make sure that employees are well informed on policies regarding sharing of information. Step 2: Scanning and Testing After a hacker has broken into your network, weaknesses in the applications running on those systems could become avenues for further unauthorized access. To protect your company, examine your network and identify potential weaknesses. Step 3: Gaining Access Hackers often play on both sophisticated technical knowledge and social skills to breach company security. Companies need to consider how a hacker could gain access to their systems. Step 4: Maintaining Access Hackers try to retain their "ownership" of the system and access for future attacks. Organizations need to remain vigilant for suspicious activity in system logs and to ensure that monitoring systems are always up to date. "Cybersecurity is a game of cat and mouse in which the cat always makes the first move," the authors write. The more you can think like a hacker, the better able you will ...</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer security</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Cyber intelligence (Computer security)</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Sécurité informatique</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Surveillance des menaces informatiques</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Computer security</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Cyber intelligence (Computer security)</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Ramalho, Elisabete</subfield><subfield code="e">VerfasserIn</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Haro, Guillermo de</subfield><subfield code="e">VerfasserIn</subfield><subfield code="4">aut</subfield></datafield><datafield tag="966" ind1="4" ind2="0"><subfield code="l">DE-91</subfield><subfield code="p">ZDB-30-ORH</subfield><subfield code="q">TUM_PDA_ORH</subfield><subfield code="u">https://learning.oreilly.com/library/view/-/53863MIT58314/?ar</subfield><subfield code="m">X:ORHE</subfield><subfield code="x">Aggregator</subfield><subfield code="z">lizenzpflichtig</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-30-ORH</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-30-ORH</subfield></datafield><datafield tag="951" ind1=" " ind2=" "><subfield code="a">BO</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-30-ORH</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-91</subfield></datafield></record></collection>
id	ZDB-30-ORH-047384794
illustrated	Illustrated
indexdate	2025-01-17T11:21:56Z
institution	BVB
language	English
open_access_boolean
owner	DE-91 DE-BY-TUM
owner_facet	DE-91 DE-BY-TUM
physical	1 Online-Ressource (1 volume) illustrations
psigel	ZDB-30-ORH TUM_PDA_ORH ZDB-30-ORH
publishDate	2017
publishDateSearch	2017
publishDateSort	2017
publisher	MIT Sloan Management Review
record_format	marc
spelling	Esteves, José 1970- VerfasserIn aut To improve cybersecurity, think like a hacker José Esteves, Elisabete Ramalho, Guillermo de Haro [Cambridge, Massachusetts] MIT Sloan Management Review 2017 1 Online-Ressource (1 volume) illustrations Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier "Reprint #58314.". - Includes bibliographical references. - Online resource; title from cover (Safari, viewed April 21, 2017) In the past several years, the list of companies whose internal systems have been hacked has grown rapidly. It now includes such high-profile businesses as Target, JPMorgan Chase, Home Depot, Sony Pictures, Ashley Madison, and Yahoo. No industry appears to be safe from attacks. Unfortunately, the authors say, investment in security measures is only part of the answer; traditional methodologies can only do so much. To be effective, managers in charge of cybersecurity need to adjust their mindsets and become as open and adaptive as possible. In this article, the authors present a framework drawn from the knowledge and opinions of experts, including interviews with more than 20 experienced hackers. As the authors explain, hackers have two different mindsets depending on the stage of the attack: explorative and exploitative. An exploration mindset used in the early stages of an attack combines deliberate and intuitive thinking and relies on intensive experimentation. Once access to a system is gained, hackers adopt an exploitation mindset. An attack typically involves four steps: Step 1: Identifying Vulnerabilities If hackers think your company is worth attacking, they will examine it thoroughly for weaknesses, surveying the network information, organizational information, and security policies. Companies can protect themselves by adopting an iterative and adaptive process and making a point of conducting a high-level "footprint" of their systems on a regular basis. They should also make sure that employees are well informed on policies regarding sharing of information. Step 2: Scanning and Testing After a hacker has broken into your network, weaknesses in the applications running on those systems could become avenues for further unauthorized access. To protect your company, examine your network and identify potential weaknesses. Step 3: Gaining Access Hackers often play on both sophisticated technical knowledge and social skills to breach company security. Companies need to consider how a hacker could gain access to their systems. Step 4: Maintaining Access Hackers try to retain their "ownership" of the system and access for future attacks. Organizations need to remain vigilant for suspicious activity in system logs and to ensure that monitoring systems are always up to date. "Cybersecurity is a game of cat and mouse in which the cat always makes the first move," the authors write. The more you can think like a hacker, the better able you will ... Computer security Cyber intelligence (Computer security) Sécurité informatique Surveillance des menaces informatiques Ramalho, Elisabete VerfasserIn aut Haro, Guillermo de VerfasserIn aut
spellingShingle	Esteves, José 1970- Ramalho, Elisabete Haro, Guillermo de To improve cybersecurity, think like a hacker Computer security Cyber intelligence (Computer security) Sécurité informatique Surveillance des menaces informatiques
title	To improve cybersecurity, think like a hacker
title_auth	To improve cybersecurity, think like a hacker
title_exact_search	To improve cybersecurity, think like a hacker
title_full	To improve cybersecurity, think like a hacker José Esteves, Elisabete Ramalho, Guillermo de Haro
title_fullStr	To improve cybersecurity, think like a hacker José Esteves, Elisabete Ramalho, Guillermo de Haro
title_full_unstemmed	To improve cybersecurity, think like a hacker José Esteves, Elisabete Ramalho, Guillermo de Haro
title_short	To improve cybersecurity, think like a hacker
title_sort	to improve cybersecurity think like a hacker
topic	Computer security Cyber intelligence (Computer security) Sécurité informatique Surveillance des menaces informatiques
topic_facet	Computer security Cyber intelligence (Computer security) Sécurité informatique Surveillance des menaces informatiques
work_keys_str_mv	AT estevesjose toimprovecybersecuritythinklikeahacker AT ramalhoelisabete toimprovecybersecuritythinklikeahacker AT haroguillermode toimprovecybersecuritythinklikeahacker

Availability

‌

Read online