Why? The future of human work is imagination, curiosity, creativity and resourcefulness. Whether you believe it in many ways, ethical hackers are the model citizens of the digital era. They are creative, persistent and resourceful. They think in digital terms and have a curiosity and drive to figure out how technology works. They view every problem as an opportunity. They stand up for what they believe in and they want the world to be a safer place.
That’s why it is so important for companies to start cultivating the hacker mind-set inside their own organization today. Not only can it change the way employees view and value cybersecurity, which leads to better security across the entire organization, but it can also help your work force become more curious and resourceful—two of the most valuable skills in a future with widespread artificial intelligence and automation.
Remember, humans are strategic, machines are tactical. The more technical work, the more technology can accomplish it. On the other hand, work that requires a high degree of imagination, creative analysis and strategic thinking, is harder to automate. Accenture Strategy, in its report “Reworking the Revolution,” posed the question: Are you ready to compete as intelligent technology meets human ingenuity to create the future work force?
Here are a few ways companies of any size can start teaching their workforce to think like (ethical) hackers:
■ Encourage employees to attend hackathons—even if only to observe or learn. These events give people a chance to take a step back from their day-to-day work for a moment and think creatively to solve problems, which is what ethical “hacking” is all about.
Acting out a breach scenario can help employees, technical or not, better relate to organizational risk and inspire a new level of mindfulness when it comes to cybersecurity.
■ When you break down the silos that exist across teams in so many companies (still) today, it helps build community and create a shared purpose, which are powerful defenses when it comes to cybersecurity. It helps create a more vigilant work force that is more likely to detect and respond to threats. This is especially important with security teams. When there is an incident, they should debrief a broader group on what happened and how they responded.
■ Even if your security team is the best in the business, the reality is that all humans are fallible. When the same people are looking at the same code-base or dashboard every day, it is only a matter of time before something important gets overlooked. That’s why the most security-conscious organizations look for help outside themselves, i.e., inviting talented and trusted outside security experts to help identify vulnerabilities.
Before you start hiring hackers, it may be worthwhile to look at the “2018 Hackers Report” that surveyed 1,698 respondents. Here is what the authors of the report found interesting:
■ On average, top-earning hacker/researchers make 2.7 times the median salary of a software engineer in their home country.
■ Money is one of the top reasons why bug-bounty hunters hack, but it’s fallen from first to fourth place. Most of the participants say their motivation is the opportunity to learn tips and techniques. The second-most popular reason was evenly split between “to be challenged” and “to have fun.”
■ Over 35 percent of the participants consider vulnerability hacking a hobby. Of those surveyed, 12 percent have an annual income from bug bounties of $20,000 or more, with 3 percent earning more than $100,000 per year, and 1 percent making over $350,000 annually.
■ India (23 percent) and the US (20 percent) are the top 2 countries represented in the survey group.
■ More than half of the respondents studied computer science at an undergraduate or graduate level, with 26 percent studying computer science in high school.
■ Nearly all of the members of the Hacker community are under the age of 35, with a majority (45 percent) between 18 and 24 years old.
Back to the Accenture Strategy Report: it makes three recommendations for business leaders:
The first: Reimagine work—Assess tasks, not jobs; then allocate tasks to machines and people, balancing the need to automate work and to elevate people’s capabilities.
Second: Unlock new forms of value—Encourage an open culture and experimentation, which allows people more autonomy and decision-making power, and foster a “new leadership DNA,” which will create leaders out of employees at all levels.
Third: Scale up “new skilling,” using a suite of innovative digital learning methods—Prioritize entering the new world where human ingenuity meets intelligent technology to unlock new forms of growth; understand that workers are impatient to collaborate with artificial intelligence.
As I said, you need hackers!!!
As our data privacy and cybersecurity teams are digging deeper in exposing the gaps and recommending how to close the gaps, the focus on ethical hackers gains importance. Where to we find them, how do we attract them?
Comments are welcome; contact me at Schumacher@eitsc.com.
Flashback: On July 11 I wrote about ‘Open Government Partnership – Part of Fighting Corruption’ and made extensive reference to reports prepared by the Independent Reporting Mechanism (IRM) of the local Open Government Partnership implementation group. The reason why I used the IRM source is that the Integrity Initiative is part of the Civil Society Groups supporting the OGP Program and the reporting of the IRM. In fact, the Integrity Initiative has added progress information to the latest IRM report.
Image credits: Yakthai | Dreamstime.com