Top 12 Reasons Why the Bad Guys are Always One Step Ahead

Be it criminal hackers or rogue employees, the bad guys always seem to be ahead of the curve. This explains the continuing struggles businesses have with security breaches. Miscreants want people to believe that what they do is mysterious art that only those with the utmost computer abilities can do it, but that’s not usually the case.

Here are what I believe to be the top 12 reasons why skilled attackers will always have the upper hand:

1. They have nothing to lose.
2. They have nothing but time.
3. They have a keen sense of situational awareness.
4. They know the average user is not paying attention.
5. They know that many organizations focus on compliance which often serves to create nothing more than a false sense of security.
6. They know that network and security admins are understaffed and overworked and can’t dedicate enough resources to security.
7. They know that sensitive information is everywhere, from mobile to the cloud, and no one has a good grasp on where it’s supposed to be.
8. They know that low-hanging fruit is everywhere – vulnerabilities that are ripe for picking.
9. They know that your network’s complexity simplifies their efforts.
10. They know that most networks have decent security controls that provide lackluster insight into real attacks.
11. They know that many of their exploits can be carried out without raising any red flags or triggering an alert.
12. They know that if they do get caught, they’ll be long gone before anyone can ever build a case against them.

Unauthorized actions against your network by those who have malicious intentions are a problem but they should not be the core issue for your business. Chasing down the bad guys during and after an incident is exciting, but it’s your choices leading up to the event that need the real attention. Know how the bad guys think but, more importantly, study the research coming out each year from Verizon, Trustwave, etc., perform your own security risk assessments and be prepared. Doing so will show you precisely where you need to focus your efforts to keep these criminals off your network. If you get everything mostly under control, the bad guys won’t stand a chance.