Why adopting the hacker mindset can make your company more secure
19 July 2016
High-profile hacks have highlighted the significant risks that exist in the digital world today. Yet while news outlets focus on the negative effects of cyber security, innovative companies are finding creative new ways to remain secure, without locking their people down with complicated IT policies and draconian data restrictions.
Companies moving fast with stable security are also those leading the way in cyber-security innovation.
Hidden behind Google’s Vulnerability Reward Program is a simple idea. If you handsomely reward hackers who find a bug or issue with your software, then it’s more likely they will flag the problem to you than sell the vulnerability to a malicious crime syndicate.
This approach has been so successful for Google in the past that it has recently announced a pool of “infinity million dollars” to pay out to hackers who report issues with Chrome.
While bugs and security holes are traditionally seen as failures within a business, bug bounty programmes redefine these as opportunities for hackers to test their bug-finding abilities. For most organisations, it is more economical to pay out bug bounties than to hire full-time security professionals.
Hire the hackers
Defcon is the largest hacking convention in the world. It is held every year in a Las Vegas hotel, and the only way to attend is to turn up and pay cash on the door.
The conference hall, filled with lock-picking tools and Wi-Fi snooping equipment, seems an unlikely place to find a respectable corporate company. Last year, though, Tesla – the electric car manufacturer with revenues of $3.2 billion – was one of the few such firms with a public presence at Defcon.
As technology has resulted in every company becoming a software company, hiring hackers has become relevant for organisations without exception. The operation of a Tesla car, for example, depends on millions of lines of code – all of which present unique security challenges.
If you employ hackers whose primary objective is to gain unauthorised access to your own systems, you can be more confident that external hackers will find it difficult to do the same.
Make cyber security fun
Mention cyber security to someone in your organisation and, most likely, they’ll respond with a yawn. IT policies and security restrictions are often seen as restrictive and a barrier to innovation. Coupled with the fact that personnel within an organisation tend to be the easiest targets for hackers (especially those with weak passwords), one of the challenges for business is to engage people with cyber security in a fun and memorable way.
This is exactly the approach that the customer relationship management company Salesforce took, creating an entire world of points and rewards. Before business security training, around 30 to 60 per cent of the staff will be susceptible to phishing emails.
After training, this rate falls to around 5 per cent. By offering badges, points and rewards, Salesforce was able to change cyber-security training from something that employees dreaded to an experience they looked forward to.
A focus on security engagement, rather than security itself, is key for ensuring that cyber-security policy results in action within an organisation. As we’ve seen, using innovative methods to secure yourself and your business creates an opportunity to move fast.
It is this positive hacker mindset and culture of experimentation that is finding its way into mainstream thinking. ‘Hack days’ are a common means for firms to come up with new ideas, not least because they allow for rapid prototyping.
Hacks don’t need to be technical or complicated to be creative. Ikea hacks encourage owners to repurpose their furniture and share their light-bulb moments with other like-minded customers.
The hacker mindset is one of curiosity and imagination. It is about not following the instructions, not sticking to the design. It doesn’t matter if it fails or breaks; the enjoyment is in the experimentation.
It is a trait we see in young children, but one that is conditioned out of us as we mature.
Fortunately, not everyone grows out of this curiosity to think differently and hack stuff together.
In the 1970s, a young man in the US found that a kid’s toy whistle given away in a packet of cereal gave off the exact frequency that, when blown down the receiver of a payphone, would connect the call free. That man hacked together a device that played that frequency and briefly (and technically illegally) sold it on his university campus.
That man was Steve Jobs.
Decoded is the world’s leading technology educator – transforming workforces under a shared understanding of code, data, hardware, innovation and cyber security.
By Richard Peters, co-CEO and co-founder, Decoded