The recent global ransomware attack WannaCry devastated over 150 countries including Australia, with 12 victims confirmed to have been hit by the attack. While this number is only a glimpse into this particular ransomware’s affect, it is still an accurate reflection of vulnerability. Evidently, the cyber landscape is now a battleground.
If we take a step back and also look to previous security incidents, we’ve also endured the malware attack on Australia's Bureau of Meteorology in 2015 and the Menulog data breach, which saw 1.1 million records of customer names, addresses, order histories and phone numbers exposed.
It is because of these attacks that businesses are now shifting their attitudes and responses in regards to cybersecurity. In fact, Australia's Turnbull Government announced in the 2017 budget that the Bureau of Meteorology will receive an additional $200,000 in funding for improved security and resilience following the 2015 cyber-attack.
While this is of course, a welcome change, the cyber landscape is still an increasingly complex sector and private enterprises and public entities are looking for additional ways to better protect information and preserve the integrity of their data. In fact, people are now being recognised as a powerful tool to solve these problems. As such, the negative perception surrounding hackers is shifting.
Ethical hackers are now one of the most important and effective tools at strengthening collective security and making the cyber landscape safe and accessible for all. And as we look to hackers for help, it’s natural for us to wonder – what makes a great hacker?
Anatomy of a hacker
Through technology, it is possible to become a good hacker, but hard to become great. Great hackers have four critical personality traits – they are social, curious, adaptable and motivated.
Great hackers have a natural curiosity. They continually ask why a certain system works the way is does, how an organisation operates, what the responsibilities of their victim are or their psychology – until they get down to the very root of that technology or person. Assumptions and opinions that have not been vetted through curiosity are a sure-fire way to be unsuccessful, or worse, get caught.
Time and time again, it is people that have proven to be the weakest link in terms of cybersecurity, and a great hacker recognises this weakness. They invest the time in understanding the psychology of who they are attacking because from understanding how their victim thinks and operates, they can find vulnerabilities to exploit.
To be successful, hackers need to learn from their triumphs and failures, and especially from the community at large. They need to adapt their tactics, techniques and procedures to accomplish what they set out to do and to avoid being caught!
The majority of hackers that people are accustomed to are the ones with malicious intent. However, the hackers that businesses need are those who are motivated to protect the people and organisations that could be potential targets. It’s that very motivation that is the biggest differentiator between who hacks to protect the integrity of data, and who hacks to disrupt it.
There’s no question that given today’s threat landscape, leveraging great ethical hackers to protect the integrity of data and our access to information is a logical way forward. These are the people with the capabilities and these are the people who are able to navigate cyber space and operate within it.
However, like any business decision, we need to ensure that these individuals are not only the right fit for our organisation, but also have a strong moral compass, and ultimately will help make cyberspace safer for all.
Article by Graeme Pyper, regional director, Australia and New Zealand at Gemalto.