Ethical hackers have to “pretend and think like a criminal” because attackers think in the opposite way to defenders.
Speaking at Check Point Experience in Vienna, ethical hacker and Cygenta co-founder Freaky Clown (FC) said that he is driven by trust issues, and stated he “trusts nothing unless I understand it fully, and I untrust everything to the nth degree, and then I trust it.”
FC pointed to security companies, saying you “cannot trust them to create secure software” and referenced cross-site scripting vulnerabilities, which have been present for the past 20 years. “It's really important to ensure every part of your security works together. You can spend millions, but if it does not work together you won’t have security in your building and hackers will find that flaw and use time and resources to get in,” he said.
FC added that, with more and more devices connected, the scale of attacks has changed, and that while the future sees more integration of AI and machine learning, the introduction of driverless cars “is fascinating to me [as a hacker].”
However, he concluded by pointing out that there are too many negatives in cybersecurity, and asked “should we give up and go home?”
He said: “We’ve been doing this for 20 years and it is not working and it's looking more and more bleak. Not quite, we have talked about how generational threats have progressed, and we’ve flipped it at Cygenta.” This followed the introduction of a line of milestones, which Cygenta co-founder Dr Jessica Barker first displayed in her keynote at BSides Scotland last year.
FC said: “We are winning this, but it is a bit slow.”