Say the word "hack" or "hacker", and the reaction is generally one of fear, disdain or both. The term generally brings to mind some variation of a lone, shifty-eyed figure hunched over a keyboard, mumbling to himself while orchestrating a virtual smash-and-grab.
At Mandiant, our perception is different. We understand the most threatening attacks today come from highly sophisticated individuals and organizations who are patiently and persistently working - sometimes over years - to exploit weaknesses, counterfeit credentials and hijack operations. As if it's their job. (Because it is.)
But as the New Yorker recently explained, "hack" wasn't always a four-letter word. In its early days, the term simply referred to students and hobbyists who explored ways to push machines beyond their expressed capabilities. Even now, the term isn't necessarily bad. While black hat hackers seek to cause disruption or steal valuable data, white hat hackers are still working to make computers and networks work better and more securely.
Facebook's Mark Zuckerberg wants to reclaim the term hacker, celebrating what he calls the "Hacker Way." As he explains it, hacking is simply a means of building systems quickly in a way that pushes boundaries. Zuckerberg encourages hacking at Facebook, viewing it as a naturally democratic, eminently practical means of operating in a world where consumer tastes can change on a dime. Far from perfectionism, this approach encourages constant evolution and trial and error.
It may sound like heresy to those of us who prefer a more buttoned-down approach that accounts for every risk, but we can't argue that it hasn't worked well for Facebook.
And it's a great reminder about the good that hackers can do. And what those same skills in the wrong hands are able to accomplish, undetected, on your networks. Targeted attackers have a mission, and that's to steal your company's valuable assets. Once you put a face with a name, you see why prevention will ultimately fail and detection is key.