The typical image of a hacker is flawed, writes Tom Van de Wiele of WithSecure. This is a problem because many businesses could benefit from skilled and ethical hackers.
Pop culture has long manufactured the image of a hacker in the minds of the masses.
According to popular movies such as The Girl with the Dragon Tattoo and The Matrix, hackers are usually teenagers wearing black hoodies, listening to techno music and sitting in a dark room surrounded by flashing screens. They are usually shown hacking into high-profile organizations like the FBI or CIA, which they seem to do in minutes.
Given how movies portray hackers, it’s no surprise that the word “hacker” was coined as a negative term.
However, what is more concerning is that companies have embraced this stereotype without considering the full spectrum of what it means to be a hacker. Most companies don’t want to associate themselves with the term because they perceive hackers as an illicit group that will only tarnish an organization.
Hacking, in reality, is a skill that takes practice and education to master. Like most skills, hacking can be used for good or evil. Much like being a locksmith, it depends on your knowledge of the law and your moral compass to know when and how to use your skills and not endanger others.
Unfortunately, someone who knows a lot about computers and networks and is able to channel his knowledge and experience for any purpose in a moral and ethical way is always portrayed as a caricature, because how can we visualize the difference between an average computer user and an expert computer user?
I have been a hacker for twenty years, and these stereotypes are gradually disappearing, but they are still present in media productions. The perception perpetuated by the pop media is not only misleading for security professionals, but also for companies that could benefit from a hacker’s expertise.
Who is a Hacker?
Hacking requires knowledge and experience as well as preparation, whether criminal or ethical. Hacking as a skill is much more than buying a technical gadget or “hacking tool”, or being a technical expert or even being able to code. A person needs to have a “hacker mindset,” which means being curious, passionate, and having a borderline obsessive interest in how things work.
The essence of what we do is to know the ins and outs of a system. Knowing where and how things fit together in a system allows us to see where the obvious cracks are. While some people choose to use this knowledge to protect the system, others choose to take advantage of it by attacking.
Criminal hackers, or “threat actors,” are usually misrepresented as loners sitting in a basement and carrying out criminal activities. What most people often don’t realize is that these hackers are usually employees much like us, with managers and budgets. They work as a team to launch campaigns, research potential targets and plan different types of attacks.
In the cybersecurity industry, we have seen attack methods improve dramatically while becoming more affordable. This is largely because attackers don’t usually practice specific skills in isolation; rather, they work as a community. This means they share and steal resources from each other, honing their skills and exploring different ways to use vulnerabilities.
What is the profession of an ethical hacker?
One of the primary responsibilities of an ethical hacker is frequent threat modeling.
This means analyzing a company’s systems and applications to identify structural vulnerabilities that could create a potential threat. They will also be able to map a potential attack surface and identify how prepared the digital infrastructure is to handle the inevitable attacks, without disrupting the real computing environment.
This role involves many analytical aspects, as it is their primary responsibility to understand how effective and controlled a company’s defense is against its competitors.
Additionally, ethical hackers engage in the interplay between threat modeling and editing to understand what an attacker might do based on the perceived attack surface – i.e. what can be attacked and might produce something interesting or valuable. All of this helps prepare the organization’s defenses accordingly.
How can an ethical hacker add value to an organization?
Criminal gangs face countless attacks in the industry every day, which has secured them a permanent place in the spotlight. Therefore, an employed ethical hacker will attempt to identify and understand vulnerabilities in a system, using their skills to protect your organization rather than destroy it.
Ethical hackers tend to walk the line between ethical and unethical worlds. They know the law and therefore understand what is acceptable and unacceptable. Ethical hackers understand how and what criminal gangs think, which is one of the most valuable skills for any business.
Hiring a qualified ethical hacker on the security team will put your company in a better position to not only predict potential threats, but also align your defenses accordingly. The main objective of any ethical hacker would be to stay one step ahead of your business before an online incident occurs.
The idea behind it is that if a criminal gang assesses your infrastructure and deems it too robust, meaning they would need more resources to complete an offense, they will likely ignore you. It is impossible to create an impenetrable system, but ethical hackers identify where the cracks in the system are and stop potential opportunities for attacks, reducing the possibility of a breach. That’s the real value of having a hacker on your side.
To sum up, ethical hackers have an intense job that requires us to work with a team that implements creative solutions to fight creative threat attacks.
There is still a lot of work to be done to shed these previously imposed perceptions of what a hacker is. An ethical hacker has the power to make a difference in an organization’s security structure and protect the business and even society as a whole.
It’s a good time to break stereotypes and go beyond them.
By Tom Van de Wiele
Tom Van de Wiele is a senior threat and technology researcher at cybersecurity firm WithSecure. He has extensive offensive security experience and is responsible for conducting and validating threat research while exploring potential protective capabilities within current and new technologies, privacy and other security-related areas.