How Attackers Choose Which Vulnerabilities To Exploit
- Apr 05, 2013
- Michael Tucker
I loved the opening paragraph in a recent article titled, “How Attackers Choose Which Vulnerabilities To Exploit” by Michael Cobb, Contributing Writer at Dark Reading! Here’s the statement:
“It’s an old but true adage: To protect yourself against a criminal, you have to think like a criminal. This certainly applies to IT security professionals working to keep their organizations’ systems and data safe: To protect against a cyber attacker, you have to think like a cyber attacker.”
Think like a hacker
This is a philosophy and approach that is part of our culture and corporate DNA at NopSec. Our software-as-a-service, Unified VRM, grew out of penetration testing and continues to evolve as we learn more about our customers’ environments and make advances in our Intelligent Algorithm, which helps identify, validate, and prioritize vulnerabilities.
As mentioned in the Dark Reading article, and validated by our own experiences, most victims were not preselected but were chosen because the attacker found an easily exploitable weakness. In an earlier post on our blog, “Reduce your odds of needing “incident response” I remarked on the often repeated statement by our CIO, ““Not all vulnerabilities are created equal. The important ones are exploitable.”