It goes back to the root of the problem. In today’s world, attacks will continue to happen, and exploits will continue to be found. A threat on the offensive side of Cyber Security, once found it cannot be categorised as a minimum. Today, behind such targeted attacks, are very experienced hackers, it’s not a software that scans, there is an interaction based on the training and experience of such unorthodox attacks. One Vulnerability if considered minimum, and can be exploited, in the offensive world, is a maximum threat.
Meaning: Post Exploitation is a huge step, once a shell is gained from a minor threat, it can be escalated in minutes into a major threat from experienced hackers, and by doing so, they own all of that system. A lot of techniques are used that escalate from shells, harvesting credentials, from that one infected device (Printer, Machine, etc..) a local attack can take place, recon scans, and completely take over that network, using MITM, going under the layers of networking, to RAW Packet abuse, and Post Exploitation techniques to do it. And this happens, depending on some scenarios in minutes.
Still, today, when a business is starting, you get quotes on the hardware, software, then you go take quotes on security solutions (IPS, AVs, IDS, FW, and the list goes on), creating a budget for that infrastructure, networking, high availability, all this will run on operating systems, and then software. The issue is, not many are requesting the budget for pen-testing, code auditing, just after the setup has been done, and before you go online, and is not taken seriously.
How would you know how you withstand a targeted attack if you do not test your equipment setups? You do, once you get breached, and still that question, all the budget spent and still from an email we got a Ransomware? As long as the offensive world, having this experience is not made room for, the problem will always remain the same. There is no minimum threat when it comes to offensive attacks, every threat must be looked into, not just remediation, but by creating more positions for ethical hackers, penetration testers, working with the people who are protecting the infrastructure, and grow up with the culture of that company, understanding the business needs, creating better layers of security, by investing in the offensive security world, which is a crucial part when you talk about Cyber Security.
You cannot protect what you cannot see, and must always invest more in outsourcing if not growing internally. Those who will show you how in minutes, hours or days, could take down your network, Exploit a Zero Day in your Firewall, or show you how many times they injected your website with SQL Type and so on.
The tasks that require a different approach to testing the network, the people who build it, must not be the ones who test it.
Become a Patron!
