What is a Hack?

Author: Chris Dawson, Fortinet

Much to the chagrin of actual hackers, the term “hacking” has been co-opted in countless ways that bear little resemblance to actually breaking into computer systems. An intrepid homeowner might be a DIY hacker. Makers rarely object to the hacker moniker. Savvy homeschooling parents are hacking their children’s education and Silicon Valley entrepreneurs are hacking their brains with supplements and stimulants.

So it should come as no surprise that mainstream media throw around the term “hack” pretty loosely. The Houston Astros, according to the headlines, were “hacked” a couple weeks ago by front office employees of the St. Louis Cardinals. Not exactly a bunch of Johnny Mnemonic types, right? And, in fact, this can barely be called a hack. It turns out that former Cardinals employees who were now working with the Astros simply reused the same passwords with both organizations.

How many times are data breaches the result of employee error, lost devices, or internal leaks? There are plenty of bona fide hacks out there: Lengthy spear phishing campaigns that let hackers deeper and deeper into networks, unsecured wireless, cross-site scripting attacks...the list goes on. But when is a hack really a hack? And when is it just carelessness, mistakes, and poor security practices?

Hacking used to imply a concerted effort to covertly enter a secure system. Hackers exploit vulnerabilities, inject malware into systems, attempt to hide their actions and move about within a network. Trying someone’s old password on their new company’s database? Not so much.

But when it comes down to it, the definition that we give to hacking doesn’t really matter. The end result is the same. Data and information that should have been kept private ends up in the wrong hands. Whether that’s baseball playbooks, credit card numbers, or nuclear launch codes, we’re still talking about a security breach.

At its most fundamental level, security has two purposes:

  • Keep the bad guys out
  • Keep your data in
  • If bad guys get in and/or your data gets out, no matter what the reason, security has failed. If my dog gets out and does his business in the neighbor’s yard, it doesn’t matter if she leapt the fence, broke her lead, or wandered out when the kids forgot to close the door. I still need to retrieve my dog and clean up my neighbor’s lawn. Cybersecurity isn’t all that different, except that cleaning up my mess is free, my neighbors are only a bit grumpy, and cleanup takes a plastic bag. Data breaches can cost millions, customers launch class action suits, and cleanup can take years.

    So let’s not worry about the expanding definition of the word “hack”. Let’s know that what we’re really talking about is a security failure - a data breach if you’re feeling diplomatic. Let’s get users to take reasonable precautions, set up policies to enforce those precautions, and buy hardware and software to enforce those policies. What matters is the data, not how they got posted on the web or sold to cybercriminals.

    Want to know more?

    Why not become a CSO member and subscribe to CSO's mailing list. 

    Get newsletters, updates, events and more right here

    Join the CSO newsletter!

    Error: Please check your email address.

    Tags Houston AstroscybersecurityFortinethackopinioncybercriminalssilicon valleyCSO AustraliahackingDIY hacker

    More about CSO

    Show Comments

    Featured Whitepapers

    Editor's Recommendations

    Solution Centres

    Stories by Chris Dawson

    Latest Videos

    • 150x50

      CSO Webinar: Will your data protection strategy be enough when disaster strikes?

      Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

      Play Video

    • 150x50

      CSO Webinar: The Human Factor - Your people are your biggest security weakness

      ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

      Play Video

    • 150x50

      CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

      Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

      Play Video

    • 150x50

      CSO Webinar: Get real about metadata to avoid a false sense of security

      Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

      Play Video

    • 150x50

      CSO Webinar: How banking trojans work and how you can stop them

      CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

      Play Video

    More videos

    Blog Posts

    Market Place