Dive Brief:
- In many ways, the traits of a hacker are what a security employer should want to see on a resume. Typically, hackers have "a creative, aggressive view of technology," said Jesse Krembs, security practitioner, speaking at the Gartner Security & Risk Management Summit in National Harbor, Maryland on Wednesday.
- Companies that look outside for security assistance, such as through bug bounty programs, should start building that capability internally, said Rob Fuller, a hacker who also spoke Wednesday. Companies "can employ the hacker mindset" to change the "attributes of technology" in ways that better defend against malicious hackers, who try to change the attributes of reality.
- Security begins when organizations move beyond thinking "someone won't do it that way," said Fuller. To avoid vulnerabilities that arise after the development phase, train DevOps teams in adversarial thinking. DevOps can make it much harder, if not impossible, for hackers to get into a system that is constantly changing.
Dive Insight:
Hackers who defy the black-hoodie stereotype can be difficult to suss out, said Krembs, but you know one when you see one. Presenting a constantly moving target, in the form of security-enabled DevOps and automatic updates, will help stave off threats.
But the lever a hacker can pull hardest is human nature. Humans are essentially the low-hanging fruit for bad actors. Hackers undermine reality through technology, and people fall prey to these actors "not because they're stupid, it's because they're human," said Perry Carpenter, chief evangelist and strategy officer of KnowBe4, Inc., while speaking at the conference.
Hackers looking to exploit how humans "orient" themselves are likely to achieve their objective, according to Carpenter. And this often means that a change in the security culture of DevOps alone is not enough.
What makes a hacker criminal is a destructive objective that disregards the target's "personhood," which gives the attacker license to commandeer human emotions. Frontline employees are the most vulnerable to this kind of manipulation, and a single manipulated employee can put the whole infrastructure at risk.
Phishing schemes increased by 65% in the last year, and the most successful ones do not give the victim time to think. Instead, they feed on fear, curiosity, greed or urgency. Fraudulent emails purporting to come from organizational superiors such as CEOs are often successful, and have cost companies about $5.3 billion in recent years.
In those types of phishing schemes, hackers are able to manipulate a human's innate desire to avoid the "uncomfortableness" of saying no or "feeling incomplete" when unable to do something that is asked of them, according to Carpenter.