This security awareness and training module updates a topic we haven’t covered in depth for a few years. The hacking risks have changed perceptibly in that time, and no doubt will continue evolving indefinitely.
Hackers range from fabulous allies to dastardly opponents, depending on their skills and, in particular, their ethics and motivation. They are the good, the bad and the ugly of information security.
At the good end of the scale, white-hat hackers are actively exploring and expanding IT. Hacking, for them, is a deep fascination with technology, and a willingness to share their passion with the wider geek community. Good hackers are generally obsessive but benevolent, at worst benign. Good hackers are mortified if they inadvertently cause damage.
Bad hackers are also fascinated with technology, but more selfish in nature. They enjoy poking around in systems on the Internet, not worrying too much about any damage they cause along the way, except insofar as it increases the possibility of their being caught and prosecuted. To them, victims are “asking for it” if they don’t adequately secure their systems and information.
Ugly hackers, sometimes known as crackers, are shamelessly if covertly operating on the criminal Dark Side. They are the black-hats, overtly malicious or malevolent, earning a living by defrauding, stealing or coercing assets from individuals and organizations with no sense of guilt. Due to the illegality of what they do, ugly hackers are extremely concerned, verging on paranoid, about staying undetected and not being apprehended by the authorities, to the extent that they have no qualms about deliberately destroying victims’ IT systems (and hence their businesses) in order to avoid leaving traces of forensic evidence (known as “scorched earth”). These are the guys working for criminal gangs, terrorists, and most dastardly of all, “foreign superpowers”.
Learning objectives:
- Introduce hacking, providing general context and background information;
- Describe and characterize hackers, crackers, social engineers, fraudsters, scammers, script-kiddies, makers, penetration testers and so forth;
- Expand on the information risks in this area and the associated security controls;
- Motivate people to think - and most of all act - more securely.
Your learning objectives may be different so please think about what you want to achieve by raising awareness of this topic, customizing the awareness and training materials accordingly. That's why we supply them in customer-editable form.
Tips on resisting the efforts of hackers, crackers, industrial spies, insider threats, scammers, criminals, spooks and other adversaries attempting to exploit network, software, hardware, physical and human vulnerabilities.