Preempt Blog

The latest insights and advice to keep your company protected from insider threats and breaches

Threat is Relative. 5 Easy Actions to Mitigate Threats at Work and Play.

Just recently,  I was talking to a tourist who told me how safe my city was. I nodded and agreed. It took me few more minutes to understand which parts of the city he considered “safe”.

There are parts of the city I normally wouldn’t visit unless I had to. And at that, I probably wouldn’t be visiting them in the late hours as he was.  From personal experience I know that “feeling safe” is relative. What feels safe for one could feel dangerous or threatening to another. It’s the same with networks.

I can say that Enterprise networks are safe and secured, but in same breath I can say they are a very dangerous sphere. On the network, people and organizations can be exposed to blackmail, identity theft, ransom, abuse or more.  Security threats are an unavoidable part of both worlds and it’s not going away. How can we mitigate threats to the extent where we make our personal and network lives better?

Here are 5 things you can do to mitigate threat to your network persona and your real life persona:


  1. Awareness is key
    Be conscious of your environment. This is a very hard task because as humans we have selective attention. Be educated about threats as they are becoming more sophisticated. Educate yourself on how to identify what a threat is, what it looks like, what makes you a good target and most of all how to acknowledge you are under attack.

    Many people and even organizations do not even know they are under an attack. This is why on average an attacker can spend up to 256 days in the network without being detected even though they can take the network down in a matter of hours. Look around. Know your surroundings. Identify your weak points. Identify your strengths so know how to get away safe in time of trouble.  

  2. Be Doubtful
    Trust is a good and important characteristic, however there is a place for doubt. Question everything and leave no open question marks. It was in my early days as a security professional that I was taught about this and I carry this quote with me to remind me: “there is no doubt where there is doubt.”  In other words, if there is a question mark lying above the operation it’s probably not a good move.

    A real life example is when credit card representative calls me I will always challenge them to prove their identity.  

  3. Don’t Fear
    It will weaken you. Being fearless is not about being brave or acting stupid. It’s about being in control. It’s an attitude that reflects confidence. The meaning of the word confident has a wide spectrum — from self awareness to acting vain or in other words imperious. I am referring to the range of meaning and self awareness.

    I believe it’s an essential characteristic one should use to keep in control. Assured people will project “secure” and are less likely to get attacked than others. It’s about identifying unusual behavior before or when it happens. And for the very confident you can use your behavior for deceptive reasons by acting weak or fearful in order to attract and catch attackers like bait.

  4. Reduce Risk
    Expose only what you need to. Don’t seek attention. Be organized. Carry what you really need and regularly assess yourself and know where your stuff is. When I feel there is a potential threat at hand, this helps me to keep my attention focused on areas that matters (in other words, my phone and wallet).

    Verify that you have your data backed up (I sync to cloud), use multi-factor authentication mechanisms in addition to passwords (I do) and keep evidence such as taking pictures and videos.

  5. Be Effective
    For me effectiveness is about being pragmatic. It’s about knowing what I can do as opposed to what I can not do. I am taking the hat of the red team in that case.

    I am constantly practicing and testing the effectiveness with actual scenarios.  This includes challenging my son to break into my phone (whoever is thinking of penetration testing–raise hands now!) or take over my social account. I am ready to fail and improve with impervious as a goal in mind.

Keep safe and secure!


Topics: Threat Mitigation,

Posted by Eran Cohen on June 10, 2016 10:30 AM


Brute Force Attacks: Denying the Attacker, Not the User

According, close to 8 billion accounts have been compromised...

Read More


What State-Sponsored Attacks Can Teach Us About Conditional Access

People often think that state-sponsored attacks from groups like Lazarus...

Read More


A Simplified Approach to Network Segmentation

Network segmentation has long been one of the most valuable tools for protecting ...

Read More


10 Things You Need to Know About Kerberos

As our research team continues to find vulnerabilities in Microsoft that bypass all major

Read More


Brute Force Attacks: Denying the Attacker, Not the User

According, close to 8 billion accounts have been compromised...

Read More