Increasingly we look to ethical hackers to help ensure the cyber landscape is safe and accessible for all. But what makes a good hacker?
As the cyber landscape becomes increasingly complex, private enterprises and public entities are looking for ways to better protect information and preserve the integrity of their data, while individuals want to ensure that the internet remains open and provides equal access to information to all. And while there are a number of technologies that are valuable, people are now being recognized as a powerful tool to solve these problems.
As such, the negative perception surrounding hackers is shifting. Most large technology companies run notable bug bounty programs, including Google, Apple and Tesla. Recently the U.S. government has added programs such as “HackthePentagon”and “HacktheArmy,” and the recent Department of Defense Vulnerability Disclosure Policy.
Ethical hackers are now the new white knights, looked upon as strengthening our collective security and making the cyber landscape safe and accessible for all. And as we look to hackers for help, I think it’s natural for us to wonder: What makes a good hacker?
Anatomy of a hacker
In all honesty, it’s not that hard to be a good hacker. The odds are actually in favor of hackers because while the organizations they target have to make sure every tool, system and interaction is secure, the hacker needs to find just that one vulnerability, that one open seam in an organization, that one employee who will click a phishing email to gain access. Through technology, it is possible to become a good hacker, but it’s hard to become great. Great hackers have four critical personality traits: They are social, curious, adaptable and motivated.
Curious: Great hackers have a natural curiosity. They continually ask why a certain system works the way it does, how an organization operates, what the responsibilities of their victim are or their psychology—until they get down to the very root of that technology or person. Assumptions and opinions that have not been vetted through curiosity are a sure-fire way to be unsuccessful or, worse, get caught.
Social: Every hacker attacks technology, but smart hackers attack people—and great hackers know when to do which. Hackers need to be curious about people as much as they need to be about technology. People have proven over and over again to be the weakest link when it comes to security. Verizon’s Data Breach Report indicated legitimate user credentials were used in 63 percent of breaches. Great hackers recognize this weakness and want to understand the psychology of who they are attacking. By understanding how their victim thinks and operates, the hacker can find vulnerabilities to exploit.
The hackers our times need most are those who are motivated to protect the people and organizations that could be potential targets—the ones who are motivated by doing the right thing.
Adaptable: As George Santayana said, “Those who cannot remember the past are condemned to repeat it.” To be successful, hackers need to learn from their triumphs and failures—especially from the community at large. Decades later, there are still buffer overflows, and hackers still get caught because they overestimate their ability to be covert. They need to adapt their tactics, techniques and procedures to accomplish what they set out to do.
Motivated: The hacker that usually makes headlines is the one that has malicious intent—be it their own financial gain, to influence politics, or even to just embarrass their victim. The hackers our times need most are those who are motivated to protect the people and organizations that could be potential targets—the ones who are motivated by doing the right thing. It’s that very motivation that is the biggest differentiator between who hacks to protect the integrity of data and who hacks to disrupt it—which brings me to an important aspect of the need to bolster our cyber defense that is less discussed.
“Wars have never hurt anybody except the people who die.”—Salvador Dali
Being prepared for cyber warfare is the most effective way to preserve peace. Thus, the cyber arms race by nations, states and corporations is necessary, but it needs to be handled with the same level of caution as nuclear arms. We need to have the people with capabilities who can navigate the space and operate within it, as well as relevant technology that’s effective.
However, we need to be extremely judicious about its use. Attacks against national critical infrastructure continue to rise, but thankfully no lives have been reported lost (yet). We should not have hackers who are motivated by greed and power, only those who are motivated by the greater good.
There’s no question that given today’s threat landscape, leveraging great ethical hackers to protect the integrity of data and our access to information is a logical way forward. We just need to ensure these individuals have a strong moral compass and ultimately will help make cyberspace safer for all. We all need to contribute in playing whatever part we can—to educate, train, join forces or simply encourage such global citizens.
So, are you in?