Phone Number +1-202-802-9399 (US)
The Lockdown

Thycotic’s Cyber Security Blog

Why we survey a bunch of hackers at Black Hat every year

Written by Becca Stucky

September 30th, 2014

At Black Hat USA every year, we conduct a survey of self-identified “black hat” hackers. Why’d we do it? Because it’s not every day that you can get an insider perspective on the thought process and motivation behind today’s black hat hacker.

Black Hat vs White Hat vs Awesome Programmers

We have to caveat this with a little perspective, because people define “hacker” a lot of different ways.

You’ve got Black Hat hackers—criminal hackers, who are mostly up to no good. Are they out to do something “bad” or “hurtful”? Possibly, but not always. Some people may consider themselves a Black Hat hacker if they are gaining access to a network just for the thrill. They may not actually steal data or do anything malicious. Does that make them criminals? It’s up for debate. Many people say a resounding “yes,” but others believe if they don’t do any harm, it’s more like standing in an empty park at night after it’s closed, when the gate was open.

You’ve got White Hat hackers, who are definitely the good guys. These hackers are paid by companies to purposefully find security holes in order to fix them. They are on payroll at companies as full time employees, consultants, or they work for pen testing firms. I like to think of them as the white knights of cyber security, wouldn’t you agree?

You’ve got awesome programmers, who hack together code in fast and unique ways to solve complicated problems.

So, what do our hackers have to say?

We definitely received some interesting results. Take a look through our collection of survey feedback. You might be shocked:

Let’s focus on the idea of never getting caught. When we first released a report, that was the most commonly syndicated statistic of the survey, probably because of its blatant relevancy to the recurring “customer data breach” headline blitzing the media every week (how many times has your credit card been replaced this year?). But let’s be brutally honest; as often as breaches have been monopolizing news headlines, they’re only a tiny fraction of what’s actually happening. Of those publicized, how many have found their hacker without the hacker coming forward?

Considering the number of incidents reported versus the number of hackers who prefer to lurk quietly, it’s not surprising that even hackers believe their own data is at risk. Here are people with the best insight into how to gain unauthorized access. They of all people should be able to protect themselves!

The thing is, that’s just not true. People can and do hack personal computers, but the real risk to a hacker’s personal information is in corporate data storage. Just like the rest of us, if they shop in stores, use social media, go to the doctor, or use a bank, they are trusting a company with their information. When talking about personal information stored by companies, hackers are at the same risk as everyone else that their data could be compromised.

What makes IAM, PIM, PAM and the other acronyms so confusing?

Get the answers—and check out our interactive ACRONYM DICTIONARY

 

Like this post?

Get our top blog posts delivered to your inbox once a month.

SHARE THIS