The word ‘hacker’ usually describes someone who breaches a computer system with criminal intent. But, in the interests of cybersecurity, teaching your employees to think like a hacker will actually empower them to protect your business, writes Marten Mickos, for Harvard Business Review.
As CEO of the ethical HackerOne organisation for trusted hackers, he rejects the media view that all hackers are intrinsically bad. Preferring the original definition of a hacker as someone skilled in computer programming, he insists that they are “the model citizens of the digital era”.
As enquiring and determined individuals, hackers are at the forefront of technology, breaking down its mysteries, as well as recognising its limitations: “They stand up for what they believe in and they want the world to be a safer place,” Mickos writes.
EMBRACING THE HACKER MINDSET
Hackers’ acute awareness that computers can be used as a negative force, and their conviction that software is always capable of more, spurs them to look for vulnerabilities and test them.
This is a mindset company leaders should encourage among their employees. As well as improving security, it will encourage them to be more inquisitive and imaginative – qualities that are particularly relevant and useful with the rise of artificial intelligence and automation.
Expanding employees’ knowledge beyond the basics of password security and basic protocols can have a profound effect, but how can you get your teams engaged?
1) Encourage creative learning.
Suggest your employees get involved in hackathons or hack days to stretch their minds, improve observation skills, and problem solve.
Set up hands-on competitions and games that prompt employees to consider cybercrime and how it could happen in your organisation.
- Mock up and act out a cyber incident so staff will be more mindful of what could potentially go wrong.
2) Share incident findings and analysis.
Create communal purpose and break down silos by inviting teams to share information and observations when any significant incidents occur, cyber or not. This fosters a closer and more aware community that is “more likely to detect and respond to threats”.
When cybersecurity is threatened, let security teams report to a wider group of employees on what happened and how they tackled the problem.
- “When industries are hit by major cyber attacks (like WannaCry) or vulnerabilities (like Heartbleed), the security team should actively circulate updates and information with the entire company and also host open Q&As for those who want to learn more.”
3) Broaden communications.
If employees are encouraged to work across departments and teams, there will be an improvement in overall communication, as well as fresh energy for problem solving.
- Bring in outside experts to help define cybersecurity vulnerabilities in your company.
Thinking like a hacker is a skill all employees of the future will need to learn as rapid advances in technology continue and cyber protection becomes ever more crucial. Empowering your teams now will ensure your company’s security is ahead of the game.