What Is a Hacker?

How does hacking work?

Hackers breach defenses to gain unauthorized access into computers, phones, tablets, IoT devices, networks, or entire computing systems. Hackers also take advantage of weaknesses in network security to gain access. The weaknesses can be technical or social in nature.

• Technical weaknesses: Hackers can exploit software vulnerabilities or weak security practices to gain unauthorized access or inject malware, for example.
• Social weaknesses: Hackers can also use social engineering to convince those with privileged access to targeted systems to click on malicious links, open infected files, or reveal personal information, thereby gaining access to otherwise hardened infrastructures.

What makes someone a hacker?

Much of today's computer hacking has been automated--which is why it currently poses such a threat to Internet security. Some hackers are still highly trained technical professionals, but others are much less skilled and are able to launch successful attacks simply by buying attack tools.

• Hacker demographics: It used to be the case that hackers were often teenagers trying to break into prominent organizations simply to gain notoriety. But today's hacker community is far more diverse and is made up of individuals with many different motives.
• Hacker motives: Some of the leading motives for online hacking are financial gain, activism, corporate espionage (spying on competitors), state-sponsored attacks against opposing nation-states, or even cyber terrorism.

How do I protect against hacking?

Hacking today takes on so many forms and targets so many kinds of organizations that a multilayered defense strategy is necessary for every company and government agency. This strategy must address people, processes, and technology.

• People: Make sure your employees are educated on popular hacking techniques such as phishing and ransomware, and develop policies for what they should do when confronted with these types of attacks. Make sure employees are aware of the benefits of strong passwords over more convenient, easy-to-guess ones.
• Processes: Develop policies and safeguards surrounding computing behavior--for both inside and outside the office. The policies should address which devices employees are permitted to use for accessing corporate resources, which websites they are allowed to visit, and which types of files they can download.
• Technology: Make sure your security technologies cover all potential access points into your infrastructure and are able to detect and remediate a wide range of attack types. Covered access points should include all end-user devices that are permitted to interact with your organization's systems and data.
• Ongoing vigilance: It's not a matter of if, but when a company will get breached. Make sure all your data is frequently backed up in the event of a security incident. Stay up to date on the latest attack types and the newest security technologies designed to combat them. And keep all systems patched and updated.

What is ethical hacking?

Ethical hacking involves the legal use of hacking techniques for benevolent versus malicious purposes. Ethical hackers use penetration testing and other tactics to find software vulnerabilities and other security weaknesses so they can be promptly addressed.