Macrocosm: Beat Them at Their Own Game, Using Hacking to Defeat Hackers

Andrew Brookes

Since the late 1990s, every aspect of our lives has slowly become digitalized. We can now purchase almost anything online and reasonably expect it to get to us within a few days or even hours. The convenience of online banking and services such as Apple Pay has started to kill off cash. The abundance of streaming services means we can watch any movie or TV show or listen to any song whenever we want, wherever we want. Social media influencer and YouTuber have become legitimate and lucrative forms of employment. We use dating apps and online dating services to meet new people and form romantic relationships. We are in constant communication with others, even those in different states and countries, using text, email, and online forums to stay connected.

With the push towards technology, we are sharing more and more of our personal information on the internet. All of this sensitive data is stored on hard drives and web servers across the globe. Just as valuables stashed in a bank vault are susceptible to the occasional heist, all of the information we share online can also be stolen by bad actors. The scary thing is: hackers strike a lot more often than bank robbers.

What is Hacking?

Someone in a black hoodie sitting in a small, dark room, hunched over a desk, hastily typing into a keyboard. Thanks to movies and TV shows, this is what most of us imagine a hacker looks like. In actuality, a hacker can be anyone, anywhere: a licensed professional with a degree in computer science, an amateur educated through the University of Google, or programmed AI. Hackers use their understanding of computer software to sabotage and bypass cybersecurity defenses on digital devices and even entire networks. Hacking is an umbrella term used to describe techniques used to steal classified information, including ransomware, viruses, malvertising, Trojans, spam, and data breaches.

In internet slang, hackers are differentiated by the shade of metaphorical ‘hat’ they wear: white, black, or gray. These labels are an homage to the Spaghetti Westerns of the 1960s, in which the protagonist usually donned a white cowboy hat and the bad guy sported a black cowboy hat. The hat a hacker wears is usually dependent on the legality of their work and the motivation behind it.

Black hat hackers are the ones we typically see headlining the news. Their motives can range from thrill-seeking to financial gain. Because they don’t have permission to infiltrate the systems they target, their work is completely illegal. On the cybersecurity frontier, these hackers are Scar from The Lion King, always trying to take what’s not rightfully theirs.

Commonly referred to as ethical hackers, white hat hackers are the quintessential ‘good guys’. If black hat hackers were Thanos, then white hat hackers would be the Avengers. White hats are hired by organizations to find vulnerabilities before they can be exploited by black hats. Their work results in improved cybersecurity systems and better protected data.

As with everything in life, hacking isn’t always simply black and white. That’s where gray hat hackers come in. They too look for security issues, but they do so without the owner’s consent. If successful, they will share their discovery and offer to fix the issue for a small fee. Think of gray hats as the vigilantes of the internet. Is what they do legal? No, not at all. But what they do benefits everyone.

We Need More Ethical Hackers

In 2017, the credit reporting agency Equifax announced that its systems had been breached, compromising the sensitive personal data of 148 million Americans. That’s 148 million names, birthdays, credit card numbers, credit card expiration dates, and even social security numbers. In 2014, Sony Pictures Entertainment was hacked by a group identifying themselves as the Guardians of Peace. The group leaked thousands of emails and multiple unreleased films. Widely believed to be associated with the North Korean government, the hackers threatened terrorism against movie theaters premiering The Interview, a comedy about two American journalists recruited by the CIA to assassinate Kim Jong Un. Recently, intelligence agencies in the US, UK, and Canada reported that Russian intelligence hackers had attempted to steal information on developing COVID-19 vaccines. Cyberattacks are ubiquitous and expensive; on average they cost their victims over $1 million. In the 5 years between 2019 and 2023, organizations worldwide are set to lose $5.2 trillion from cybercrime. As new technologies emerge, attackers will evolve and adapt their techniques, leaving our IT systems in a constant state of threat.

IT systems are used by every company, government organization, and educational institution to carry out operations and process essential data. Yet, on average only 5% of the information companies store is properly protected. Hackers attack every 39 seconds, more than 2,000 times a day, and organizations are desperately trying to get ahead of them. As companies struggle to keep up with these rampant cyberattacks, they should remember that “to know your enemy you must become your enemy”. 

Ethical hackers employ the same methods as malicious hackers, so they are able to understand how attackers approach cybersecurity systems and which vulnerabilities they look for. Essentially, they can examine IT systems from a hacker’s perspective, because they too are hackers. Cybersecurity defenders are encouraged to adopt the same mindset as criminals, even going so far as to role play in an exercise called penetration testing. Ethical hackers are one of the best investments organizations can make because their preventative measures could save millions of dollars.

There is a critical need for ethical hackers; however, misconceptions surrounding the practice and the undervaluing of cybersecurity have left many positions unfilled. Unfilled cybersecurity jobs are on pace to reach 1.8 million by 2022, and 82% of employers worldwide are currently experiencing a shortage of cybersecurity skills. Demand is so high that nearly half of the cybersecurity workforce is actively solicited to consider positions at other organizations at least once a week. So, why aren’t more individuals taking on the profession?

Despite growing up in the tech era and showing a strong attraction to IT, only 9% of millennials are interested in a cybersecurity career. The reason: most millennials are unfamiliar with the industry and educational opportunities are limited. Only 6% of ethical hackers have actually completed a formal class or certification; 81% say they learned their craft solely through blogs and educational materials found online. It’s not entirely their fault: most academic institutions, including the top 50 computer science programs in the US, lack cybersecurity-specific courses. Only 42% offer three or more of these types of classes to undergraduate students.

Deficits in education must be addressed before cybersecurity practitioners can actually begin working. As a result, many organizations are having to provide extensive on-the-job training. Potential employers also note that college programs aren’t giving students enough hands-on experience and that new graduates often lack necessary soft skills like teamwork, problem-solving, and communication. Expanding course catalogs to include specialized courses could persuade millennials and future generations to join the industry, a move that would undoubtedly begin to fill the gaps in the cybersecurity workforce.

The Burden on Technology

Cybersecurity threats cast a dark shadow over the tech landscape. Until we can reduce disparities in the information security workforce, every piece of emerging technology will also have to face this burden. We cannot take full advantage of technology if we can’t completely trust it. White hat hackers could be our knights in shining armor, defeating lurking threats before they can cause serious damage. It’s just a shame there aren’t enough of them. It’s up to educational institutions and employers to change that. Fostering an appreciation for hacking and challenging misconceptions surrounding the practice starts in the classroom. Although companies are desperate, they are also being too picky, valuing traditional skills over practical ones such as creativity and curiosity. Technology has made our lives much easier, but it seems to have done so at the expense of our security.
