[BreachExchange] Hacker vs. Cybercriminals: What’s the Difference and Why It Matters
Audrey McNeil
audrey at riskbasedsecurity.com
Mon Jul 9 19:22:17 EDT 2018
http://nerdsmagazine.com/hacker-vs-cybercriminals-
whats-the-difference-and-why-it-matters/
The term “hacker” is often used as a catchall for anyone who does anything
nefarious online. But saying that all hackers are criminals is like saying
anyone with a gun is a killer – some hackers use their skills for good and
others for bad.
It’s important to draw a distinction between hackers and cybercriminals. In
reality, hackers are one of the best defenses against cybercriminals. If we
didn’t have hackers working on the side of good, the cybersecurity problem
would be much, much worse.
A crucial part of any cyber attack strategy is understanding the nature of
the problem and perpetrators. That way companies can craft an intelligent
defense based on the most urgent and likely threats. As you build your
awareness, learn about the most common types of hackers:
Black Hat Hacker
This is basically just another way to define cybercriminals. Black hat
hackers are computer experts who use their skills for selfish and
exploitative reasons. They spend their time developing new types of
threats, orchestrating breaches and attacks, and finding ways to evade the
law.
Some black hat hackers are relatively simplistic in their means and motive.
They are more like kids committing petty vandalism than hardened criminals.
However, at the other end of the spectrum is organized and well-funded
gangs of black hat hackers. These gangs pose a serious threat because their
tactics are highly sophisticated and hard to defend against. Black hat
hackers and the cyber disruption they create are now a leading source of
risk for all companies.
White Hat Hackers
Some hackers are enamored with computers and networks and want to use their
passion in positive ways. These hackers may be able to break into the
network and steal personal information, but they make a conscious choice
not too. Instead, they show organizations where the gaps and cracks in
their cybersecurity exist. Then they help close those gaps and improve
cyber defenses against black hat hackers.
Hacking is a highly-technical and highly-specialized skill. That is why
hackers are more or less required to fight back against other hackers. It’s
thanks to the work of this principled group that security measures continue
to improve; and security gaps continue to close.
Grey Hat Hackers
Good and bad are often expressed in shades of grey. This group of hackers
is also known as “hacktivists” because of their focus on social or
political agendas. They use the tactics of black hat hackers, often gaining
unauthorized access. But their ultimate goal is closer to white hat hackers
– exposing wrongdoing and contributing to the greater good.
There is a vigorous debate about whether grey hat hacking is ethical or
productive. And, depending on the hacker’s motives, the effect on companies
can be positive or negative. The important thing to understand is that
companies can become targets of these hackers for unexpected reasons. And
when they are targets, intellectual property, and personal communications
could be more important than financial data. This is important to realize
so that all assets are protected from all hackers.
The cybersecurity war is being fought between white hat vs. black hat
hackers. Everyone else has a stake in the game but is largely left to sit
on the sidelines. Companies must do everything to support the good hackers.
But they also must plan for the inevitable instances when the
cybercriminals win.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180709/4d8b3290/attachment.html>
More information about the BreachExchange
mailing list