Why should you employ hackers?
In many ways, ethical hackers are the model citizens of the digital era. They are creative, persistent and resourceful. They think in digital terms and have a curiosity and drive to figure out how technology works. They view every problem as an opportunity. They stand up for what they believe in and they want the world to be a safer place.
That’s why it is so important for companies to start cultivating the hacker mind-set inside their own organization today. Not only can it change the way employees view and value cybersecurity, which leads to better security across the entire organization, but it can also help your workforce become more curious and resourceful – two of the most valuable skills in a future with widespread artificial intelligence and automation.
Here are a few ways companies of any size can start teaching their workforce to think like (ethical) hackers:
* Encourage employees to attend hackathons – even if only to observe or learn. These events give people a chance to take a step back from their day-to-day work for a moment and think creatively to solve problems, which is what ethical ‘hacking’ is all about.
Acting out a breach scenario can help employees, technical or not, better relate to organizational risk and inspire a new level of mindfulness when it comes to cybersecurity.
* When you break down the silos that exist across teams in so many companies (still) today, it helps build community and create a shared purpose, which are powerful defenses when it comes to cybersecurity. It helps create a more vigilant work force that is more likely to detect and respond to threats. This is especially important with security teams. When there is an incident, they should debrief a broader group on what happened and how they responded.
* Even if your security team is the best in the business, the reality is that all humans are fallible. When the same people are looking at the same code-base or dashboard every day, it is only a matter of time before something important gets overlooked. That’s why the most securityconscious organizations look for help outside themselves – i.e., inviting talented and trusted outside security experts to help identify vulnerabilities.
Before you start hiring hackers, it may be worthwhile to look at the ‘2018 Hackers Report’ that surveyed 1,698 respondents. Here is what the authors of the report found interesting:
* On average, top-earning hacker/researchers make 2.7 times the median salary of a software engineer in their home country.
* Money is one of the top reasons why bugbounty hunters hack, but it's fallen from first to fourth place. Most of the participants say their motivation is the opportunity to learn tips and techniques. The second most popular reason was evenly split between "to be challenged" and "to have fun."
* Over 35 percent of the participants consider vulnerability hacking a hobby. Of those surveyed, 12 percent have an annual income from bug bounties of $20,000 or more, with 3 percent earning more than $100,000 per year, and 1 percent making over $350,000 annually.
* India (23 percent) and the US (20 percent) are the top two countries represented in the survey group.
* More than half of the respondents studied computer science at an undergraduate or graduate level, with 26 percent studying computer science in high school.
* Nearly all of the members of the Hacker community are under the age of 35, with a majority (45 percent) between 18 and 24 years old.
As our data privacy and cybersecurity teams are digging deeper in exposing the gaps and recommending how to close the gaps, the focus on ethical hackers gains importance. Comments are welcome; contact me at Schumacher@eitsc.com