
IT Security: ways to win the cyberwar

You’re an IT Security Specialist.

It’s your job to protect your company from cyberattack after cyberattack.

Make no mistake, the enemy–hackers, attackers, criminals–will never stop in their cyberwar, whether they wish to destroy your computing environment, corrupt data, or steal records from employees or clients.

Understanding why these individuals do what they do can help you and your colleagues neutralize the threats that they pose.

Think like an attacker

It’s always better to be proactive than reactive when it comes to dealing with cyberattacks. To stay one step ahead, many IT Security Specialists try to take on the mindset of an attacker.

If the attacker’s motive is financial gain, what systems would they attempt to exploit?

What if the attacker wanted to promote a political cause?

What if they simply want to cause as much destruction as possible, just to show that they can?

Thinking like a cyberattacker is the first step to take in determining which protocols should be deployed to best defend your systems from an attack.

Talk to former attackers

Many former “black hat” attackers, once caught, will do an about-face and start working on the side of good. They will give talks at conferences and share their insights, as they’ve “been there and done that.” Arming yourself with this type of darknet insider knowledge is one of the best ways to strengthen your position in defending your organization’s infrastructure.

Attend security conferences

Attending security conferences on a regular basis is an ideal way to network with fellow IT security specialists. The top IT specialists will provide training at these conferences, give updates on new threats approaching the horizon, new techniques used by attackers, and new tools to counteract these threats.

Security conferences are held on a yearly basis across the United States, as well as around the world. A list of all conferences is maintained here.

Examples of such conferences are Data Connectors Cybersecurity, the CISO Executive Summit Series (an invitation-only series for Chief Information Security Officers), the Cyber Security Summit, and the Cyber Threat Intelligence Summit.

Although it’s best to visit a couple of conferences a year in person in order to network, you’ll find that many of the presentations given at these conferences are recorded and available on the conference’s website or on YouTube.

Study best practices

Experts in the security community, regulatory bodies, and technology vendors have developed best practices that relay essential lessons to IT Security Specialists.

Below are just a few examples of these best practices:

The NIST Cyber Security Framework. The CSF, developed by the National Institute of Standards and Technology (NIST), is a guide for developing a formal security program. Their publication, 800-53r4, is considered to be the “gold standard” for security controls.

The Center for Internet Security’s Top 20 Critical Security Controls. The Top 20 distills the NIST CSF into the top 20 essential security controls–as the name implies. It’s also updated on a regular basis, unlike the CSF.

The MITRE ATT&CK Framework. This framework covers common attacker actions and the tactics they use. It also discusses methods of detection that can be used on most computing platforms.

The Open Web Application Security Project (OWASP). This group coordinates many community-based application security standards and development projects. For web developers, their Top 10 Common Web Application Security Risks is essential.

Cyberattacks are unceasing and will become more and more sophisticated in the future. Developing the ability to get inside the mindset of an attacker, networking with fellow IT Security professionals, and keeping abreast of the latest innovations in IT Security are essential in order to prevent the successful penetration of your company’s critical infrastructure.


To learn how OnX Canada can help your organization stay one step ahead, download our free eBook.