
Of course, it all depends on the people and the situation. An information security specialist and a hacker have different tasks and different difficulties. But in general, it is more difficult to defend against possible threats than to look for vulnerabilities, because a hacker only needs to know one loophole to achieve the goal, while an information security specialist needs to create a system that is protected from many vulnerabilities.
To be a good information security specialist, you need to know all the hacking techniques that you will be “tested” with. To hack the network, it is enough to know one working technique.
Therefore, security specialists spend a lot of time studying hacking techniques and they are usually more professional than the people attacking them.
What everyone has in common is shared access to public hacker utilities, for example, to the free Metasploit or Kali Linux exploit kits, or to paid utilities such as Core Impact. These are ready-made sets of attack techniques, and all you need to do is learn how to run them. There are many instructional videos on YouTube for this. And it doesn’t matter whether you are playing the role of a red team or you are a hacker: you use the same utilities and techniques.
What works in the criminal's favor is that he can buy completely new hacking techniques on the “black” market that are still unknown to defenders, and can remain unnoticed inside your network for a long time. This makes it easier for the attacker to penetrate and leaves the defender with a difficult task: how to defend against an unknown attack. For example, according to Group-IB, the Anunak criminal group spent an average of 42 days in the bank’s network before the moment the money was withdrawn.
And here the defender has an advantage: a single mistake by the hacker is enough for him to be noticed.
Therefore, the more different defense techniques you use, the fewer chances the attacker has. If you have only one protection technique, then most likely it has already been bypassed.