Don't second guess. Go with experience.

How to Defend Against Motivated and Sophisticated Cyberattackers

Cybersecurity Defense Cyberattacker

Everyone loves a good villain.

They make our most treasured stories so much more interesting. As human beings we’re complex, so we love to see our villains portrayed with layers. We crave a visceral, relatable depiction to send a shiver up the spine. I’d point you in the direction of Anthony Hopkins’ unflinching Hannibal Lecter, or send you to the pages of ‘American Psycho’ to spend some time looking at business cards with the namesake Patrick Bateman (Just make sure your cards don’t have a subtle watermark). Whether it be in movies, or books, or while we’re binge-watching our favorite show on Netflix, a good villain serves as the scuffed tails to our shiny heads. The yang to our yin. The acid to our base. On cold starless nights, while we’re stranded in the woods of the mundane, villains are the friction needed to rub the heroic flame from the kindling.

However, there are a few caveats.

Most people don’t like to be the villain.

And no one likes to be the target of a villain.

Once things spill over from the screen or page into reality, the lens by which we gaze upon villains inevitably shifts. We like the enemy potent, but the danger sterilized. As soon malice claws its way into the real world, there are tangible consequences. We scoff at the email phishing stories of the “Nigerian Prince” who just needs you to Venmo him a few thousand dollars to bring his family to the states, to be paid back in royal interest, but there’s a reason why those stories persist. Some people get fooled.

What happens when it’s us?

Not every adversary is going to be as bumbling and obvious as to make their email Fakeprince@Nigerianscammer.com, nor will they employ the grammar of a third-grade exchange student (or certain autumn-hued authority figure).

There are complex villains out there right now. Actual, real-life, blood and bone adversaries. Complex in the fact that they are smart, sophisticated, driven, and might want to take what’s yours, regardless of the consequences. The thievery doesn’t even have to be out of malice or harmful intent. Sometimes the invasion is for sport, other times it’s out of sheer desperation. There might even be reasons that can only be fathomed by the intricate mind on the other side of the potential crime. Entire underground, international business have been built on things as simple as access, and even if you don’t have any classified government documents, or valuable IP, or the secret to the perfect margarita on your hard drive, you might still be a target. These villians thrive on these feelings of fear and stake their “careers” on the fact that we will see solid cybersecurity as a complex and out-of-reach impossibility. It is not and getting started is easier than you think.

So why bring this up? Why the proverbial boogeyman?

IDENTIFYING THE VILLIAN

It’s not to act as a scare tactic (although if it’s fear you’re feeling, it might not be entirely unfounded). It’s because one of the most multifaceted aspects of villainhood is identification. And when it comes to the wild frontier of the world wide web, anonymity is the default. Not many people show their real face.

Of course certain questions arise.

Who is the actual enemy?

Who is the entity that is capable of causing you grief?

Who is the real force keeping you from the all-American right to life, liberty, and the pursuit of complimentary Wi-Fi?

GO ASK YOUR MOTHER

Here I’d like to introduce what we call the ‘Go Ask Your Mother’ phenomenon.

[Note: ‘Go Ask Your Father’ is also exchangeable and perfectly acceptable, we just had to pick one for example purposes. You’ll see why at the end.]

To make things simple, let’s say a child wants something, like an extra hour of iCarly, or another couple of Do-si-do cookies, or getting out of brushing their teeth. What do they do?

“Daddy,” they might intone, perhaps with a disposition sweeter than said Do-si-dos. “Can I play games on the iPad before bed?”

Dad doesn’t want to be the villain in this situation. I mean, just look at those chubby cheeks and overbearing forehead that’s like a distorted reflection in a concave, temporal mirror. How could he say no? Even thought it’s been proven that when little Aiden plays games before bed he has trouble sleeping, this diversionary tactic—as old as parenthood itself—may then be subsequently employed.

“Go ask your mother.”

Bingo.

Responsibility averted.

Inevitably, this might turn into a night on the couch and a crick in the neck, but either way, Dad had successfully pivoted away from the dark spotlight of a child’s scorn. Dad is not the villain. Dad had made Mom the villain, and Dad’s not perceived as the one keeping the child from the Candy Jewel Pirate level with all those sparkly colors and hidden fees.

THE ART OF MISDIRECTION

To bring things back up to the adult level, it has to be stated that the idea of misdirection has taken many iterations and variations throughout history: False Flags. Swift Boats. Trojan Horses. Red Herring. Phishing. Vishing. Smishing.  

Blame-shifting is not a new concept, but it’s a powerful one.

If your enemy does not know who you are, how can you be stopped?

And taking it even further, if you can convince an enemy that the problems lies within an ally, then they sky (or more aptly, the bottomless pit) is the limit.

This seems to be the case when it comes to cyber security.

The net is presented as this wonderfully rational place of unlimited access and information, a playground for the mind. In a lot of ways, this is true. But also in a lot of ways there are termites in the monkey bars.

SHIFTING YOUR FOCUS

When it comes to protecting yourself online, it’s important to shift the focus and know thy villain. Those who seek to do you harm want to maintain the façade of open channels. They want to pose the idea that implementing any sort of limits is against the status quo, and that any barrier is unconscionable to freedom.

But remember:

Precaution is not the villain.

Those who serve to gain from easy access to your profile want you to see cybersecurity as a cumbersome steel door, bolted and chained, and electrically charged with a million watts. They want you to think that putting the proper measures in place is an affront to freedom and a costly, complicated battle that cannot be won.

They want to shift the blame.

But cybersecurity is not a door.

It’s a screen door.

Yes, it’s an additional cost. Yes, it takes time to install. Yes, its an extra step.

But you can still feel the breeze. You can still watch the sunset. You can open it any time you want and walk out into the world, all the while keeping even the most complex mosquitos outside.

So should you delay in updating your security, or at least reaching out to a professional for a consultation?

Go ask your motherboard.

Click for more on CyberDefenses’ many Managed Security Services and the numerous ways we can help you.

About the author

Dan Cohen

Daniel A. Cohen is the #1 Amazon Bestselling author of Coldmaker, out now with HarperCollins. His fiction been long-listed for the David Gemmell award in the UK, and his nonfiction has been featured in Writers & Artists. He lives in Austin, Texas.

Contact CyberDefenses to speak with us about defending your organization against cyber threats.