To Improve Cybersecurity, Think Like a Hacker

March 6, 2017 | Strategy

In the past several years, the list of companies whose internal systems have been hacked has grown rapidly. It now includes such high-profile businesses as Target, JPMorgan Chase, Home Depot, Sony Pictures, Ashley Madison, and Yahoo. No industry appears to be safe from attacks. Unfortunately, the authors say, investment in security measures is only part of the answer; traditional methodologies can only do so much. To be effective, managers in charge of cybersecurity need to adjust their mindsets and become as open and adaptive as possible. In this article, the authors present a framework drawn from the knowledge and opinions of experts, including interviews with more than 20 experienced hackers. As the authors explain, hackers have two different mindsets depending on the stage of the attack: explorative and exploitative. An exploration mindset used in the early stages of an attack combines deliberate and intuitive thinking and relies on intensive experimentation. Once access to a system is gained, hackers adopt an exploitation mindset. An attack typically involves four steps: Step 1: Identifying Vulnerabilities If hackers think your company is worth attacking, they will examine it thoroughly for weaknesses, surveying the network information, organizational information, and security policies. Companies can protect themselves by adopting an iterative and adaptive process and making a point of conducting a high-level “footprint” of their systems on a regular basis. They should also make sure that employees are well informed on policies regarding sharing of information. Step 2: Scanning and Testing After a hacker has broken into your network, weaknesses in the applications running on those systems could become avenues for further unauthorized access. To protect your company, examine your network and identify potential weaknesses. Step 3: Gaining Access Hackers often play on both sophisticated technical knowledge and social skills to breach company security. Companies need to consider how a hacker could gain access to their systems. Step 4: Maintaining Access Hackers try to retain their “ownership” of the system and access for future attacks. Organizations need to remain vigilant for suspicious activity in system logs and to ensure that monitoring systems are always up to date. “Cybersecurity is a game of cat and mouse in which the cat always makes the first move,” the authors write. The more you can think like a hacker, the better able you will be to protect your company.

Purchase Options

PDF $6.95

PDF + Permission to Distribute $5.90

Educator and Student Discounts Available. Learn more »

SELECT c.parent_id, c.format_id
                    FROM products AS p, products AS c
                    WHERE p.prod_id = c.parent_id AND
                        c.avail_id IN ('A','B','D') AND
                        c.type_id = 'V' AND
                        (
                            c.sku = 'to-improve-cybersecurity-think-like-a-hacker' OR
                            if(c.format_id = 'Certificate', '', p.url_friendly) = 'to-improve-cybersecurity-think-like-a-hacker'
                        )
                    LIMIT 1

SELECT `products`.`parent_id`
FROM (`transaction_lines`)
JOIN `products` ON `products`.`sku` = `transaction_lines`.`sku`
JOIN `product_categories__products` ON `products`.`parent_id` = `product_categories__products`.`prod_id`
WHERE `products`.`avail_id` = 'A'
AND TO_DAYS(transaction_lines.updated_at) < (TO_DAYS(NOW()) - 90)
AND `product_categories__products`.`cat_id` IN ('249')
GROUP BY `products`.`parent_id`
ORDER BY COUNT(*) DESC
LIMIT 6

SELECT SQL_CALC_FOUND_ROWS media_id, position
FROM (`media`)
WHERE `foreign_key_table` =  'products'
AND `foreign_key_column` =  'prod_id'
AND `foreign_key_value` =  '3411'
AND `kind` =  'image_600x600'
ORDER BY IF(position = 0, 1, 0) ASC , `position`

SELECT SQL_CALC_FOUND_ROWS media_id, position
FROM (`media`)
WHERE `foreign_key_table` =  'products'
AND `foreign_key_column` =  'prod_id'
AND `foreign_key_value` =  '3411'
AND `kind` =  'gallery_image'
ORDER BY IF(position = 0, 1, 0) ASC , `position`

SELECT *
FROM (`products`)
WHERE `avail_id` IN ('A', 'B', 'C', 'H')
AND `parent_id` = '3411'
AND `type_id` = 'V'
ORDER BY IF(position = 0, 1, 0) ASC , `position`, `title`

SELECT SQL_CALC_FOUND_ROWS media_id, position
FROM (`media`)
WHERE `foreign_key_table` =  'products'
AND `foreign_key_column` =  'prod_id'
AND `foreign_key_value` =  '3412'
AND `kind` =  'thumbnail'
ORDER BY IF(position = 0, 1, 0) ASC , `position`

SELECT `product_categories__products`.`cat_id`
FROM (`product_categories__products`)
JOIN `product_categories` ON `product_categories__products`.`cat_id` = `product_categories`.`cat_id`
WHERE `product_categories__products`.`prod_id` =  '3411'
AND `product_categories`.`parent_id` =  1
AND `product_categories__products`.`cat_id` NOT IN (1, 261)

SELECT `cat_id` AS id, `parent_id` AS parent, `status_id`, `name`, `description`, `url_friendly`, `page_title`, `meta_keywords`, `meta_description`, `position`, `updated_at`
FROM (`product_categories`)
WHERE `cat_id` != 1
ORDER BY `parent_id`, IF(position = 0, 1, 0) ASC , `position`, `name`

Loading Time: Base Classes	0.0009
My Controller Construct	0.0003
Build Nav	0.0011
Controller Execution Time ( Products / Route )	0.1215
Total Execution Time	0.1224

0.0003	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0002	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0001	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0002	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0002	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0001	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0001	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0001	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0001	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0001	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0001	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0001	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0001	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0001	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0001	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0001	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0001	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0001	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0001	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0001	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0001	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0001	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0001	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0001	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0001	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0002	SELECT * FROM (`carts`) WHERE `cart_id` = '5e14dc26cc404fcc15def70010faafce' ORDER BY `created_at` DESC
0.0002	SELECT SQL_CALC_FOUND_ROWS cat_id FROM (`product_categories`) WHERE `status_id` = 'A' AND `url_friendly` = 'to-improve-cybersecurity-think-like-a-hacker' AND `parent_id` = 1
0.0132	SELECT c.parent_id, c.format_id FROM products AS p, products AS c WHERE p.prod_id = c.parent_id AND c.avail_id IN ('A','B','D') AND c.type_id = 'V' AND ( c.sku = 'to-improve-cybersecurity-think-like-a-hacker' OR if(c.format_id = 'Certificate', '', p.url_friendly) = 'to-improve-cybersecurity-think-like-a-hacker' ) LIMIT 1
0.0003	SELECT `parent_id` FROM (`products`) WHERE `prod_id` = 3411
0.0003	SELECT * FROM (`products`) WHERE `products`.`prod_id` = '3411'
0.0002	SELECT * FROM (`authors`) JOIN `products__authors` ON `authors`.`author_id` = `products__authors`.`author_id` WHERE `products__authors`.`prod_id` = '3411' ORDER BY `sort` ASC
0.0001	SELECT `cat_id` FROM (`product_categories__products`) WHERE `prod_id` = '3411'
0.0001	SELECT * FROM (`product_flags__products`) WHERE `prod_id` = '3411'
0.0005	SELECT `sku` FROM (`products__xsell`) WHERE `prod_id` = '3411' ORDER BY IF(position = 0, 1, 0) ASC , `position`
0.0771	SELECT `products`.`parent_id` FROM (`transaction_lines`) JOIN `products` ON `products`.`sku` = `transaction_lines`.`sku` JOIN `product_categories__products` ON `products`.`parent_id` = `product_categories__products`.`prod_id` WHERE `products`.`avail_id` = 'A' AND TO_DAYS(transaction_lines.updated_at) < (TO_DAYS(NOW()) - 90) AND `product_categories__products`.`cat_id` IN ('249') GROUP BY `products`.`parent_id` ORDER BY COUNT() DESC LIMIT* 6
0.0002	SELECT `parent_id` FROM (`products`) WHERE `prod_id` = '361'
0.0004	SELECT * FROM (`products`) WHERE `products`.`prod_id` = '361'
0.0002	SELECT * FROM (`authors`) JOIN `products__authors` ON `authors`.`author_id` = `products__authors`.`author_id` WHERE `products__authors`.`prod_id` = '361' ORDER BY `sort` ASC
0.0001	SELECT `parent_id` FROM (`products`) WHERE `prod_id` = '3961'
0.0002	SELECT * FROM (`products`) WHERE `products`.`prod_id` = '3961'
0.0002	SELECT * FROM (`authors`) JOIN `products__authors` ON `authors`.`author_id` = `products__authors`.`author_id` WHERE `products__authors`.`prod_id` = '3961' ORDER BY `sort` ASC
0.0001	SELECT `parent_id` FROM (`products`) WHERE `prod_id` = '35'
0.0002	SELECT * FROM (`products`) WHERE `products`.`prod_id` = '35'
0.0002	SELECT * FROM (`authors`) JOIN `products__authors` ON `authors`.`author_id` = `products__authors`.`author_id` WHERE `products__authors`.`prod_id` = '35' ORDER BY `sort` ASC
0.0001	SELECT `parent_id` FROM (`products`) WHERE `prod_id` = '179'
0.0001	SELECT * FROM (`products`) WHERE `products`.`prod_id` = '179'
0.0002	SELECT * FROM (`authors`) JOIN `products__authors` ON `authors`.`author_id` = `products__authors`.`author_id` WHERE `products__authors`.`prod_id` = '179' ORDER BY `sort` ASC
0.0001	SELECT `parent_id` FROM (`products`) WHERE `prod_id` = '489'
0.0002	SELECT * FROM (`products`) WHERE `products`.`prod_id` = '489'
0.0003	SELECT * FROM (`authors`) JOIN `products__authors` ON `authors`.`author_id` = `products__authors`.`author_id` WHERE `products__authors`.`prod_id` = '489' ORDER BY `sort` ASC
0.0002	SELECT `parent_id` FROM (`products`) WHERE `prod_id` = '2465'
0.0005	SELECT * FROM (`products`) WHERE `products`.`prod_id` = '2465'
0.0005	SELECT * FROM (`authors`) JOIN `products__authors` ON `authors`.`author_id` = `products__authors`.`author_id` WHERE `products__authors`.`prod_id` = '2465' ORDER BY `sort` ASC
0.0003	SELECT SQL_CALC_FOUND_ROWS media_id, position FROM (`media`) WHERE `foreign_key_table` = 'products' AND `foreign_key_column` = 'prod_id' AND `foreign_key_value` = '3411' AND `kind` = 'image_600x600' ORDER BY IF(position = 0, 1, 0) ASC , `position`
0.0002	SELECT * FROM (`media`) WHERE `media`.`media_id` = '1570'
0.0002	SELECT * FROM (`mime_types`) WHERE `mime_types`.`extension` = 'jpg'
0.0001	SELECT * FROM (`media_metadata`) WHERE `media_id` = '1570'
0.0003	SELECT SQL_CALC_FOUND_ROWS media_id, position FROM (`media`) WHERE `foreign_key_table` = 'products' AND `foreign_key_column` = 'prod_id' AND `foreign_key_value` = '3411' AND `kind` = 'gallery_image' ORDER BY IF(position = 0, 1, 0) ASC , `position`
0.0003	SELECT * FROM (`products`) WHERE `avail_id` IN ('A', 'B', 'C', 'H') AND `parent_id` = '3411' AND `type_id` = 'V' ORDER BY IF(position = 0, 1, 0) ASC , `position`, `title`
0.0001	SELECT `c`.`format_id`, `c`.`price`, `c`.`sale_price` FROM (`products` AS c) WHERE `c`.`prod_id` = '3412' LIMIT 1
0.0007	SELECT SQL_CALC_FOUND_ROWS media_id, position FROM (`media`) WHERE `foreign_key_table` = 'products' AND `foreign_key_column` = 'prod_id' AND `foreign_key_value` = '3412' AND `kind` = 'thumbnail' ORDER BY IF(position = 0, 1, 0) ASC , `position`
0.0007	SELECT `product_categories__products`.`cat_id` FROM (`product_categories__products`) JOIN `product_categories` ON `product_categories__products`.`cat_id` = `product_categories`.`cat_id` WHERE `product_categories__products`.`prod_id` = '3411' AND `product_categories`.`parent_id` = 1 AND `product_categories__products`.`cat_id` NOT IN (1, 261)
0.0004	SELECT `cat_id` AS id, `parent_id` AS parent, `status_id`, `name`, `description`, `url_friendly`, `page_title`, `meta_keywords`, `meta_description`, `position`, `updated_at` FROM (`product_categories`) WHERE `cat_id` != 1 ORDER BY `parent_id`, IF(position = 0, 1, 0) ASC , `position`, `name`
0.0007	SELECT * FROM (`product_categories`) WHERE `status_id` = 'A' AND `parent_id` = 1 AND `cat_id` NOT IN (1, 261) ORDER BY `name`
0.0003	SELECT * FROM (`site_settings`) WHERE `option_key` = 'announcement'

HTTP_ACCEPT	/
HTTP_USER_AGENT	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
HTTP_CONNECTION
SERVER_PORT	443
SERVER_NAME	mit-sloan.rarebirdinc.com
REMOTE_ADDR	3.14.134.33
SERVER_SOFTWARE	Apache
HTTP_ACCEPT_LANGUAGE
SCRIPT_NAME	/index.php
REQUEST_METHOD	GET
HTTP_HOST
REMOTE_HOST
CONTENT_TYPE
SERVER_PROTOCOL	HTTP/2.0
QUERY_STRING
HTTP_ACCEPT_ENCODING	gzip, br, zstd, deflate
HTTP_X_FORWARDED_FOR

session_id	4c4907b59401be955b8b2376e5d91ab8
ip_address	3.14.134.33
user_agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
last_activity	1739473605
user_data
cart	Array ( [cart_id] => 5e14dc26cc404fcc15def70010faafce [subtotal] => Array ( [Physical] => 0 [PDF] => 0 [Zip] => 0 [Audio] => 0 [Video] => 0 [Digital Replica] => 0 [eBook] => 0 [Certificate] => 0 [Print Sub] => 0 [Digital Sub] => 0 [Combo Sub] => 0 [Shippable] => 0 ) [item_count] => Array ( [Physical] => 0 [PDF] => 0 [Zip] => 0 [Audio] => 0 [Video] => 0 [Digital Replica] => 0 [eBook] => 0 [Certificate] => 0 [Print Sub] => 0 [Digital Sub] => 0 [Combo Sub] => 0 [Shippable] => 0 ) [contains_books] => 0 )

base_url	https://mit-sloan.rarebirdinc.com/
index_page
uri_protocol	AUTO
url_suffix
url_allowed_suffixes	Array ( [0] => html )
language	english
charset	UTF-8
enable_hooks	1
subclass_prefix	MY_
permitted_uri_chars	a-z 0-9~%.:_\-
allow_get_array	1
enable_query_strings
controller_trigger	c
function_trigger	m
directory_trigger	d
log_threshold	4
log_path	/var/www/mit-sloan.com/logs/
log_date_format	Y-m-d H:i:s
cache_path
encryption_key	pIck\|3j@rZ
sess_cookie_name	ci_session
sess_expiration	7200
sess_expire_on_close
sess_encrypt_cookie
sess_use_database	1
sess_table_name	sessions
sess_match_ip
sess_match_useragent
sess_time_to_update	3000
cookie_prefix
cookie_domain	.mit-sloan.rarebirdinc.com
cookie_path	/
cookie_secure
global_xss_filtering
csrf_protection
csrf_token_name	csrf_test_name
csrf_cookie_name	csrf_cookie_name
csrf_expire	7200
compress_output
time_reference	local
rewrite_short_tags
proxy_ips
globals	Array ( [org] => SMR [company_name] => MIT Sloan Management Review [cs_address_1] => 238 Main Street E48-570 [cs_address_2] => [cs_city] => Cambridge [cs_state] => MA [cs_zip] => 02142 [cs_phone] => 617-253-7170 [cs_fax] => 617-258-9739 [cs_hours] => 8 a.m. - 5 p.m. [EST] Mon. - Fri. [cs_email] => smr-help@mit.edu [triliteral_email] => orders@triliteral.org [mit_issues_email] => smr-issues@mit.edu [order_confirm_email] => smr-noreply@sloan.mit.edu [webmaster_email] => webmaster@rarebirdinc.com [inventory_recips] => developer@rarebirdinc.com [meta_description] => MIT Sloan Management Review's online store [meta_keywords] => [copyright] => Copyright © Massachusetts Institute of Technology, 2025. All rights reserved. [ga_account] => [recaptcha] => Array ( [public_key] => [private_key] => ) [enable_users] => [doc_root] => /var/www/mit-sloan.com/web [media_path] => /var/www/mit-sloan.com/web/media [data_path] => /var/www/mit-sloan.com/web/../data [csv_path] => /var/www/mit-sloan.com/web/../data/csv [ini_path] => /var/www/mit-sloan.com/web/../data/ini [pdf_path] => /var/www/mit-sloan.com/web/../data/pdf [certificate_pdf_path] => /var/www/mit-sloan.com/web/../data/certificate_pdf [audio_path] => /var/www/mit-sloan.com/web/../data/audio [video_path] => /var/www/mit-sloan.com/web/../data/video [zip_path] => /var/www/mit-sloan.com/web/../data/zip [epub_path] => /var/www/mit-sloan.com/web/../data/epub [mobi_path] => /var/www/mit-sloan.com/web/../data/mobi [cli_path] => /var/www/mit-sloan.com/application/controllers/cli [title_suffix] => - MIT SMR Store [seo] => Array ( [default_title] => MIT SMR Store [og_image] => http://mit-sloan.rarebirdinc.com/assets/images/mit-smr-social-default.png ) [default_meta] => Array ( [description] => MIT Sloan Management Review's online store [keywords] => [copyright] => Copyright © Massachusetts Institute of Technology, 2025. All rights reserved. [author] => MIT Sloan Management Review ) [main_site_url] => http://sloanreview.mit.edu [license_agreement_pdf_url] => /pdf/MgmtReportLicensingAgreement.pdf [permission_to_copy_min_qty] => 5 [adminbghex] => #c9c9c9 [adminfghex] => #e9e9e9 [adminac1hex] => #a9a9a9 [default_product_thumbnail] => /assets/images/MITSMR_cover.jpg [default_product_cover] => /assets/images/MITSMR_cover.jpg [sendgrid_api_key] => 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 )
template	Array ( [default_layout] => layouts/application [enable_view_path_comment] => 1 )
sfg	Array ( [debug] => 0 [log] => 1 [notify] => 1 [timeout] => 10 [test_mode] => [remote_host] => api.sfgnetwork.com [remote_port] => 443 [remote_uri] => /websvcapps/services/https/process_xmlrpc.php [remote_method] => process_xmlrpc [services] => Array ( [ecommerce_order] => Array ( [user] => 122f2eb252faa4e4b86193e483bd2b52 [pass] => 21598fa307e843648856f0c3f41bfbc5 ) [product_status] => Array ( [user] => 1ec0e02302ef35e38fb75f6d13670357 [pass] => 36375bce7741df326faec39f71240d5e ) ) )

To Improve Cybersecurity, Think Like a Hacker

You may also be interested in:

Strategic Decisions for Multisided Platforms

A Structured Approach to Strategic Decisions

The Hard Truth About Business Model Innovation

How Useful Is the Theory of Disruptive Innovation?

The Role of the Chief Strategy Officer

Scenario Planning: A Tool for Strategic Thinking