At the end of last year, I talked a bit about Cyber Challenge, a contest where hacking skills could lead to security jobs. Another annual contest, Pwn2Own 2010, comes up in March to test hacking skills on a number of platforms.
On the one hand, I believe contests like this can lead to better data security and more knowledgeable security personnel. On the other hand, they may skew our perception of hackers as a whole.
In an article at Security Dark Reading, Tim Wilson discusses the misconception of who is hacking into enterprise computer systems. The article is based on ScanSafe's Annual Global Threat Report, written by Mary Landesman, and takes a good look at who is actually responsible for the destructive malware infestations. Wilson wrote:
While many outside of the security industry still perceive "hackers" as teenagers or isolated geeks who work alone, Landesman's report encourages security professionals -- and the general public -- to see malware as a cooperative industry that supports specialists, economies, and supply chains. "Malware is every bit as layered as any other industry," she says. "There are mom-and-pop shops. There are big giants. There are suppliers and developers and a global market."
Hacking is a sophisticated business -- and the "person" trying to get into your system is more likely to be a government or a syndicate than a group of bored college kids. However, Wilson wrote:
Many business executives "and even some IT pros" are too focused on the group of cybercriminals that can be categorized as "sole proprietors," Landesman says. "These are the ones we hear the most about -- the phishers, the carders, the people repackaging scareware to drive users to malicious sites," she observes.
To best protect themselves, businesses do need to understand the mind of a hacker, but it also helps to know who that hacker is.