Thinking like an attacker to build effective defences
We know that ‘thinking like an attacker’ is a phrase too often used by cyber security salespeople and marketeers, with little substance to back it up. But a threat-centric approach is essential to effectively calculate the risk of an attacker causing harm.
Without an appreciation of the likelihood of an attacker leveraging certain tactics or tooling, it’s impossible to know which potential cyber attack scenarios pose the highest risk. Looking at which scenarios might pose the highest impact, or focusing on protecting the assets of highest criticality to your business, is only half of the equation. This is because what’s important or valuable to an attacker over the course of an attack doesn’t necessarily match what’s important or valuable to your business.
We use the concept of attack paths in everything we do.