Hackers look just like you and me

2017-02-09  Cyber Security

When you think of a hacker, what do you picture? As someone who grew up in the ’90s, my go-to mental image was always Boris Grishenko, the bespectacled computer technician from 1995’s James Bond film GoldenEye, known for his catchphrase, “I am invincible!”

Things have only slightly changed 22 years later. Sure, the stereotypical hacker of 2017 might be younger and more prone to wearing feature-concealing hoodies. They might even have a bit of swagger, as in Watch Dogs 2. But they’re still pictured typing green text on a black screen at lightning speed, putting expertise the rest of us could never understand to evil use.

That’s the image Dr Ian Levy, technical director at the National Cyber Security Centre, rejected this week. Speaking at a conference, he warned that attackers’ skills are being hyped up by security firms out to make money by offering their products as The Only Answer™.

Is cyber security glamourised? Certainly to some level. People often assume things they don’t understand are more complicated than they really are, there is a lot of specialist knowledge involved, and people in the sector do spend some time hurriedly typing terminal commands.

But although there is some truth to the hacker stereotype, Levy was right to criticise it, because many aspects of cyber security are very simple. He used the example of the TalkTalk hack, in which a teenage hacker used an SQL injection attack to steal more than 150,000 customers’ personal information. It gets even simpler than that, though, both for attackers and for defenders.

Using anti-virus, being careful about email attachments, and not visiting dodgy websites can all go a long way to keeping consumers – and the businesses they work for – more secure. By painting a picture of cyber security as an experts-only field full of high-level nation-state espionage, vendors risk alienating regular users, who will view security as inaccessible to them.

At the end of the day, security isn’t just the responsibility of the IT department – it’s a whole-organisation effort. The more welcomingly it is presented, the more likely it is that those without specialist knowledge will engage with it – and that’s a good thing for us all.
