Offender’s Advantage Series – Introduction

“… Dear Defender,

Your castle’s walls are high and your moats are wide. Your soldiers are many and their swords are sharp. You seem impenetrable.

But I have something that you lack. Time, dear defender, is on my side. I will continue to strike every inch of your walls from afar until I find a crack in the brick that I can exploit. I will locate every builder of your castle and find every blueprint. Your moats may be very wide but they are not deep throughout.  There are shallow places that in the dark of the night I can cross. Time will pass and your walls will begin to wear out and crumble. Cracks will start to form and your walls will be weakened.

And most importantly, your repairs are many. You cannot keep up with time. As you patch the cracks in the walls, new ones appear. Old foundation is buried under the new one and while still holding the castle, it can no longer be repaired. You distract yourself with one “big” break in your wall while ignoring many others.

Your castle is populous. So many people have access to open your castle doors from the inside. Be careful, not all can be trusted. With time I can find one that has a weakness.

You built your castle to be strong, but you did not build it to last. Time destroys all and I, the offender, have all the time. So that is why I say to you – the time is on my side.

Offender …”

While an organization’s defenses may be at their strongest, the bigger the attack surface, the greater the chance that a critical vulnerability is missed. New vulnerabilities come out every day, and the critical ones, the ones that affect everyone and seem to be in everything, seem to arrive at a rate of at least one per month. It is only a matter of time before an attacker finds one that was missed, or one that just came out and has not yet been patched. An attacker will always have the advantage of time. A determined attacker will find a way in. It’s only a matter of time. All software is eventually outdated. The more devices there are on the network, the more patches there are to install. Most organizations lack the resources and time to patch every system. Systems are interconnected, and new software has been developed to depend on old systems.

The battlefield has not changed from the Middle Ages into the cyber age. The problems are still the same, and offenders always seem to have the upper hand. The defender’s job is to continuously play catch-up. Until we have new ways to build our castles, dig our moats and educate our people, defenders will be behind the curve. The solution is in building security in from the beginning: create systems that are based on security principles. We are on our way, but the journey will be long.

This offender’s advantage series will attempt to examine the ways of the attacker, whether it is a penetration tester or a malicious entity. I will attempt to draw a parallel between cyberspace and historical battlefields to examine the offender’s advantage. I will try to explain some of the techniques in easy-to-understand, non-technical language to provide insight into the hacker’s world in plain English.

Thanks for reading, and we look forward to sharing the rest of the series with you!

