Sangeet Chopra, Information Security Specialist, CyberCure Technologies, is considered to be among the top 10 ethical hackers in India. Chopra, a prolific speaker who conducts hundreds of cybersecurity training workshops globally, is known for his expertise in the area of network defense development tools.
“My parents locked the computer with a password because exams were near. Since I wanted to check a social media site, I had to crack into the system. Eventually, I hacked into it and got access to my computer,” he once said in an interview with www.careers360.com, sharing an anecdote about the genesis of the hacker in him.
From this humble beginning to helping nab cyber criminals, Chopra has come a long way. With the learnings accumulated over this journey, he gives an insider’s view of what makes a hacker’s mind tick and shares his advice for CISOs to strengthen their cybersecurity defense.
Understanding the Hacker Mindset
– Hacking is a Passion, Not a Job: Hackers do not approach their work as a job. If a hacker wants to penetrate and breach an information system, he/she will not think of it as just a job that needs to be done. It is rather a passion for them. As a result, you will find them putting their heart and soul into an attack and into finding the vulnerabilities.
– Hackers Target Weak People and Weak Technology: If a hacker can’t find a vulnerability in a technology, he/she will start looking for vulnerabilities in humans to identify the easiest victims. It is no surprise then that a majority of cyberattacks are a result of insider threats. All a hacker needs is to find just one victim to gain access to a computer and, from there on, to the entire corporate network.
Advice for CISOs
Today CISOs are getting too occupied with compliance, frameworks and management. They are even finding a spot in the top management. While this is a positive development, the pitfall is that they get so stuck in managing things that they often lose sight of the technical aspects. Although they have vendors and strong teams in place, they still lack a vigilant view from the technology standpoint.
In the age of information warfare and heightened cybercrime, which is both organized and aimed at big financial gains, CISOs should constantly learn and upgrade their technical expertise. It is time they dive deep into technology and get their hands dirty to build more credible defense strategies. CISOs can never leave their technology role behind; it will always have to overpower their role as a manager.
At the same time, a CISO cannot keep pace with the dynamic threat landscape and evolving technologies at all times. Hire a cybersecurity expert with strong technical skills, perhaps a white hat hacker, who really understands code-level exploits present in OEMs, hardware, etc. Just signing a paper and putting the technology in place will not necessarily make the organization secure.