Skip to content
icon content hub

How Organization’s Must Rethink Security: A Hacker’s Perspective

“We simply need to make our position unassailable.”

Alissa Knight is a recovering hacker, serial entrepreneur, author and thought leader. She currently acts as group CEO of the managed security service provider Brier & Thorn, a partner at Knight Ink, and as principal analyst at Alissa Knight & Associates.

When the pandemic struck, Knight guided many of her clients through the new security challenges opened up by COVID-19 and the mass mandate to Work From Home (WFH).

Here’s what Knight experienced, saw and learned.

COVID and WFH open new vulnerabilities

As businesses shut down and workers were sent home, Knight began to worry.

During this transition the attack surface increased exponentially and became a massive soft target.

The world had just created an economy of people working from home without effective security controls, and without the personal cybersecurity budgets needed to layer defenses over their home devices.

Knight saw malicious actors take advantage of the situation. The number of incident response engagements at Brier & Thorn have nearly doubled since the pandemic began. And she has seen adversaries adapt their attacks to better target the remote workforce through more sophisticated Mac-based threats and social engineer attacks.

For Knight, organizations can take a few steps to secure their new distributed environments.

Knight’s advice: The biggest security challenges to solve

Knight believes the biggest problem organizations now face is a lack of visibility into their asset environment, combined with the inability to perform vulnerability and patch management.

Knight notes that most of her successful penetration tests have involved hacking assets that companies did not know they had, and that nearly all successful hacks in history have involved a malicious actor exploiting a known, patchable vulnerability.

For Knight, re-establishing visibility and control must come first.

To dive deeper into Knight’s story, and to learn more about what happened when the world stayed home, visit world-at-home.tanium.com.

Interested in seeing Tanium in action? Schedule a one-to-one demo or talk to our Tanium experts at our upcoming events.

Tanium Staff

Tanium’s village of experts co-writes as Tanium Staff, sharing their lens on security, IT operations, and other relevant topics across the business and cybersphere.

Tanium Subscription Center

Get Tanium digests straight to your inbox, including the latest thought leadership, industry news and best practices for IT security and operations.

SUBSCRIBE NOW

Related

Image for what is business email compromise blog post

What is Business Email Compromise (BEC)? The Rising Costs of BEC Attacks

Desktop featured image: CTI blog 1 - wide

CTI Roundup: A Malicious Notepad++ Plugin, “Junk Gun” Ransomware, and a Google Malvertising Campaign

Tanium & ServiceNow logos lockup

New Tanium Security Operations for ServiceNow Gives Organizations a Powerful Cybersecurity Solution