Hacker Headspace: Thinking Like A Hacker

It’s been another busy few weeks for us at ACDS, from the recent Thoughtworks partnership announcement I wrote about in my last Hacker Headspace to meeting clients, prospects, and old friends at this year’s International Cyber Expo. It’s been great to get out of the office and talk to people about the current cybersecurity trends facing organisations and how we, as an industry, can be more resilient. Events are so important for community building, which is something I’m passionate about (and have written about extensively).

At the show, I was particularly struck by how open people were to having conversations about the expanding attack surface. Our conversations at the event reflected the trends we saw in the research report we released earlier this year: people aren’t fully aware of all the devices on their network, yet cyberattacks are on the rise.

On day two of the event, I presented a keynote on the Tech Hub Stage. It was busy—there was standing room only! Throughout the presentation, I invited the audience to think like hackers. Why? Because we can’t fight adversaries without understanding why an organisation might be a valuable target and how adversaries may target it.

So, let’s get into the mindset of a hacker.

Firstly, it’s important to note that attack surfaces are evolving - and quickly. A 2023 stat by Gartner revealed that by 2027, 75% of employees will acquire, modify, or create tech outside of IT teams’ visibility. Our own research found that half of security professionals acknowledged the likelihood that there are devices connected to their company’s network that they’re not aware of. This creates a perfect storm for network insecurity.

With attack surfaces expanding and insecure or unknown devices becoming more prevalent on networks, cybercriminals have more, and easier, access routes into a system. This makes all organisations, regardless of size, vertical, or revenue, valuable targets. It’s foolish to think that your organisation won’t be hacked. It’s a case of when, not if.

Next, let’s look at how hackers are breaching systems. It’s no longer a case of adversaries looking for quick cash grabs; access and reconnaissance have changed the game. In turn, attacks have become more sophisticated, not least because they are now filtered through intricate ecosystems of organised crime:

First, lone workers discover initial access and sell it on the dark web.

Then, threat actors create persistence with multiple re-entry points to systems. They aim to remain undetected for long periods of time.

Other groups then provide malware or ransomware payloads for encrypting devices.

Finally, call centres are set up for decryption and customer service.

More than ever, cybercriminal activities are looking like legitimate organisations.

External attack surface management (EASM) tools, like Observatory, can stop this chain of events at the beginning. By providing complete visibility into a network—knowing what devices are connected and whether any adversaries have already gained access—organisations can significantly reduce the growing risk posed by both opportunistic and organised cybercriminals.

My recommendation? Start by reviewing your remote access solutions, implementing strong multi-factor authentication (MFA), and ensuring certificate-based authentication and encryption are in place.

More than ever, business leaders need to think like hackers when developing their cybersecurity strategies. Understanding why your organisation is a valuable target, and how adversaries might attempt to exploit your vulnerabilities, is essential for creating a more secure network—and a more secure organisation. This proactive approach can disrupt hackers' plans and stop them in their tracks.