Picture this, the stereotypical hacker: black hoodie, hunched over a laptop festooned with stickers, in a dark bedroom.
That’s not what the hackers I’ve met look like. In fact, quite a lot of hackers look a lot like information security professionals. They have the same training and share the same interests.
In some cases, they are even the same people: security professionals enjoy penetration testing, for instance, in which they essentially 'pretend' to be a hacker to find vulnerabilities.
In addition, plenty of security pros started out hacking, and only later got a respectable job. The older generation of network analysts often started out 'phreaking,' hacking phone systems, before graduating through black-hat hacking, white-hat pen testing, and finally to network security analysis.
Types of Hackers
That said, there are significant differences between different types of hackers. The clearest way to define these different types is to look at their motivations for hacking. By doing that, we can break hackers into several groups:
Personality Traits
Whatever their motive or level of expertise, it’s interesting to note that research on Hacker Personality Profiles Reviewed in Terms of the Big Five Personality Traits has found that all hackers share a remarkably similar type of personality.
Specifically, this research shows that hackers are unusually open to new experiences in comparison to the general population. In practice, this personality trait is manifested in the fact that hackers love a challenge, and that personal infamy is often as important to them as monetary gain.
Some security firms have attempted to use this trait against hackers. The use of decoy systems, for instance, relies on giving hackers what appears to an achievable challenge and then identifying those who take it up.
A second personality trait of hackers is the high level of neuroticism among the group. "Neuroticism", here, doesn't mean 'neurotic' in the everyday sense. Instead, the concept of neuroticism is closely akin to that of emotional stability: hackers, in other words, tend to be emotionally reactive, and tend to seek the adulation of their peers.
This trait has also become an important part of systems that aim to identify hackers. Some systems scan message boards for emotionally intense language, which can be an indication of someone who will try and cause harm to a system. This can help in identifying potential hackers before they have a chance to do any real harm.
Hardening Your Defenses
In order to defeat network hackers, it pays to think like them. It’s worth noting that many hackers are just as motivated by fame as money. This means that scanning message boards for mentions of your company can be an effective way of identifying risks. You should also make sure that you are clear about just how many systems you have that are vulnerable to attack: it’s no good securing your email systems if your VOIP system offers up gaping security holes to whoever wanders past.
It’s also worth trying to hack your own system, and this is the basis of white hat pen testing. If you were going to try to get into your own network from the outside, how would you do it? Think like a hacker. Pay particular attention to services that are so much a part of your daily routine; they seem innocuous. Even the most-highly recommended web hosting services, ones who should know better, can slip up when it comes to hack-proofing their product. The same goes for your email system and any marketing tools you have installed. Compile a list. Check it twice to make sure you close any security holes. You can also have a look at our four tips to make your network security worse, and make sure that you don’t take those tips!
It’s also worth thinking about the wide range of hacker types and making sure that you are protected against all of them. While preventing sophisticated corporate espionage might be your priority, don’t forget that a kid sat in their bedroom can also be a real nuisance. They might not do any real damage, but even if they manage to shut your system down for a day, that equates to a lot of lost revenue. Often, for this type of low-level hacker, scaring them off is the best approach: make a decoy system, and then tell them that you can see them trying to hack it.
The Bottom Line
Ultimately, the stereotype of the hacker might not be very useful. Rather than looking out for cybercriminals in hoodies, security pros should realize that the average hacker looks a lot like them.
This makes them harder to spot, of course, but also comes with a huge advantage: it makes it easier to think like them and to anticipate how they will try to attack your systems. Armed with that knowledge, you can protect your network before an attack even begins.
Senior stakeholders who want to hold on to their CISOs must ensure that they have sufficient incentives and, more importantly, support to cope with the burden of risk that they are carrying.
The most alarming takeaway from Cisco’s new Cybersecurity Readiness Index report is that even after decades of having the importance of cybersecurity driven home, cyber threats are still taken too lightly.
In today’s data-driven world, higher educational institution networks and their management must be modernized to address the needs of everyone across campus. Enterprises face similar challenges and also need to modernize their networks.
