Enterprises today face a threat landscape that continues to evolve and become increasingly more perilous. Corporations recognize the need for their companies to become more resilient, acknowledging the importance of cybersecurity. The cyber battlefield is a war with real loss of assets and sometimes lives.
The most important thing here is to constantly innovate the methods you use to fight in this war. Always be one step ahead. To achieve that you have to know your enemies and think like them.
The Insurtech meetup, held in Munich, brought together a record number of the movers and shakers of the Insurtech and Fintech industry. Stepanyan ( a.k.a cyberhulk) presented the principles of cybersecurity and provided informative references. Taking the audience on an intellectual and emotional journey, his speech comprised of controlled attack strategies and mitigation techniques.
By introducing the concept of using deception in cybersecurity to detect attacks, he came to the conclusion that the effect of inserting deceptive tar traps into cybersecurity activities would mean a change in the hacking game. Today, it’s not clear how thoroughly cybersecurity professionals embrace this well-established military tactic beyond lip service that deception is a good idea. The methods for deception detection comprise of the following parameters such as deterrence, detection, and honeypots.
The scenario-driven approach ushers in a new paradigm, and is there to understand access points of your organization. The access points of your organization which are given the lowest priority or are not connected to vital information. Use this information to expose them as backdoors, put honeypots and start detecting your enemies’ activities.
LACS movement promises to enlarge the community and build a working system of techniques and best practices.
It also encourages us to get connected and forces collaboration around a shared vision which is intended to create a movement out of the new LACS approach. The effectiveness of the lean approach lies in performing tests and understanding needed security improvements in small batches. Previously testing was done on a wide range of vulnerabilities, performing white hacking tests.
As a closure of the meetup, we should acknowledge the threat and not be naive in the cyber battlefield.