In order to beat your enemy, you must know your enemy, according to Sun Tzu’s masterpiece on strategy, The Art of War. This ancient wisdom still holds true today, even at the cutting edge of technology, where the battle is waging between the hacker on one side and the cyber security industry on the other.

So what do businesses need to know about this enemy, the modern day hacker?

Many of them want to challenge themselves or prove themselves to others and build a reputation, while another type of motivation is to cause disruption. Hacktivist organisations hack to make a point, to embarrass their targets and to see how much chaos they can generate.

Of course there’s also those that hack for commercial reasons. Attackers that steal data and hold companies to ransom will likely always exist, but for most hackers the motivation is curiosity.

With these motivations in mind, what can be done to defend against all types of attackers?

The current state of play

New security issues and hacking techniques are emerging all the time making it impossible for businesses to completely future proof themselves from hackers. But organisations can take simple steps that can go a long way to improving security. These include putting in place a strong patching and password policy, and enforcement of multi-factor authentication on every public-facing system.

Organisations should implement regular security testing of all potential attack vectors, especially if it’s something that’s changed. They need to ensure they put in place a security strategy and stick to it.

Perform awareness assessments, organise security audits, examine those controls, review that access list.

Cyber security best practice: Definition, diversity, training, responsibility and technology

As part of Information Age’s Cyber Security Month, we look at cyber security best practice — everything from defining it to the importance of training. Read here

Only as strong as the weakest link

There should also be a heavy focus on user education. Social engineering and phishing are now the primary method of hacking and delivering malware and attacks on infrastructure are less common. The former methods are successful because people make mistakes — they’ll click a link or open an attachment, making it much easier for hackers to get through a highly sophisticated technical defence.

Ultimately, businesses must have the right policies, processes and tested mechanisms in place to quickly and effectively react to mitigate risk.

There is no room for complacency, cyber threats are changing daily, so it is more important than ever that businesses keep informed of the latest developments. A cyber attack should be seen as inevitable so security should always be at the forefront of company strategy, not an afterthought.