In many ways, the traits of a hacker are what a security employer should want to see on a resume. Typically hackers have "a creative, aggressive view of technology," said Jesse Krembs, security practitioner, speaking at the Gartner Security & Risk Management Summit in National Harbor, Maryland on Wednesday.
Companies looking for external security assistance, like in bug bounty programs, should start building those programs internally, said Rob Fuller, hacker, while speaking Wednesday. Companies "can employ the hacker mindset" to help change the "attributes of technology" that will better defend against malicious hackers who try to change the attributes of reality.
Security begins when organizations move beyond thinking "someone won't do it that way," said Fuller. To avoid vulnerabilities arising beyond the development phase, train DevOps with adversarial ideas. DevOps can make it so much harder, if not impossible, for hackers to get into a system that is constantly changing.
Hackers who defy the black hoodie stereotype can be difficult to suss out, said Krembs, but you know one when you see one. Having a constantly moving target in the form of security-enabled DevOps and automatic updates will help stave off threats.
But a hacker's strongest tool with leverage is human nature. Humans are essentially the low hanging fruit for bad actors. Hackers undermine reality through technology and people fall prey to these actors "not because they're stupid, it's because they're human," said Perry Carpenter, chief evangelist and strategy officer of KnowBe4, Inc. while speaking at the conference.
Hackers looking to exploit how humans "orient" themselves are likely to achieve their objective, according to Carpenter. And this often means that a change in the security culture of DevOps alone is not enough.
The criminality of hackers comes from having a destructive objective that overlooks someone's "personhood," which gives them the green light to commandeer human emotions. Frontline employees are the most vulnerable to this type of manipulation, which can put a whole infrastructure at risk.
Phishing schemes increased by 65% in the last year and the ones that are most successful do not allow the victim to think. Instead, they feed on fear, curiosity, greed or urgency. Fraudulent emails from organizational superiors like CEOs are often successful and cost companies about $5.3 billion the last year years.
In those types of phishing schemes, hackers are able to manipulate a human's innate desire to avoid the "uncomfortableness" of saying no or "feeling incomplete" when unable to do something that is asked of them, according to Carpenter.