CEO's of IT companies doesn't know this because they are not a hacker.
Only a true hacker can become a successful Security head officer.
Well let me tell you something my good friend. Many companies we have today they are still getting attacked from hackers around the world, and whose job is it to make sure that doesn't happen?
That's right the head of the security for that individual firm. There are a few of these positions in every firm that applies for slightly different areas in the IT part for a company, but overall they are suppost to keep intruders away.
You need to think what a hacker would do in certain situations when it comes to cracking systems, creating software, tracking down other hackers or whatever the case might be. It has to be a natural thing.
My friend, you need to become one with your hacking potential.
Hacking in my opinion is a skill set, you need to grow that skill set. Let it define you, let it grow within you and you will think like a hacker.
Knowing how to stay safe on the internet is what many people knows how to. But being able to go those 'dangerous' places and still being safe that in my opinion is hard to do if you can't think like a hacker.
Look at people who download illegal movies and programs what not. Many get caught because they don't know how to stay away from the ISP and the companies reporting the illegal activity.
They need a hackers advice on improving that set of skill.
(I can personally support this example from real life)
Why is it that they still get attacked?
- I like to categorize security engineers like so;
They can't think like a hacker because they are not one. They are simple a security engineer.
- THE MINDSET
They don't know how hackers think or how they operate, what techniques they use, and most importantly what they are capable of. Hackers find new vulnerabilities every day, and exploit that shit. Developing new FUD software to evade AV's and even Firewalls.
Let me tell you a secret that many many people doesn't know.
When a hacker sets himself a goal, he will achieve it. Because the hacker is not in a rush, he is in the shadows. The admin doesn't know the hacker only that they are hidden 'waiting' sorta say.
A hacker will come up with a different way of approaching the goal. And let's be honest there are soooo many ways you can crack for example a WiFi password. Or installing a RAT on your friends computer.
The hacker knows of the possible solutions, and he will continue until one of them cracks it, because he knows it will. Not a single system is
impossible to crack. That's a funny way to think if you don't know this. If you ask anyone who isn't a hacker they probably think as soon as they scanned their PC for viruses in their AV and then clicked "remove" they are now completely safe and wont worry as much. What if the hacker hasn't decided to give up? And right there you have the vulnerability for an individual. Hackers doesn't give a singly f#ck about how long it will take them to crack your password, they aren't going anywhere. 10 hours to brute force your password? No problem, they'll click run and then come back in 10 hours, it doesn't matter for him, something has to succeed eventually.
- Making the decision to let your guards down is the moment you just mailed an invitation to the hacker to have a full VIP tour in your computer system.
Nothing and nothing has ever been completely secure nor will there ever be a system or network or company etc that will get to that point, because there are black hat hackers developing malicious software that has an algorithm that AVs doesn't know about, which means that software will work on whatever system is vulnerable to that exploit.
So, how would you stay as safe as possible?
Well, you would need, if you ask me, a bunch of real hackers who knows what they are capable of, and develop software that can protect you, and make your company so secure with encryption, untraceable servers, proxychains for the admins so the hackers can't perform active reconnaissance and can't determine the IP to attack.
When you comebine all the things you can do to stay safe, you get to a point where it is absolutely pointless to even try and crack the Database password, or track down the admins ip address, or decrypt the encryption etc.
- And that's what its all about. Making it so hard for the hacker to achieve his goal so that it's pointless for him to try.
That's a very sky high point to reach, because with enough money and ressources many say that it is possible to trace anyone down. Personally I think you can outbeat that statement, but who knows, I might be wrong or crazy thinking.
With all of this now hopefully saved to your memory, you will understand better how a hackers mindset works.