I’ve heard the term hacking used for non-technical things a few too many times lately. It makes me wonder if perhaps its overuse is making the average person not care about security because they believe it’s a purely technical issue that’s beyond their ability, and so not worth their concern.
I recently performed an experiment with my family to test this theory. First I asked my mom to read an article describing a recent security breach where malicious individuals sent a fax requesting an update to the DNS settings for the victim’s website.
The article frequently used the word ‘hacking’, which in this context seemed misleading. When she was done, I asked her how the ‘hack’ had occurred.
Now, my mom is pretty computer savvy, so she thought about it for a moment and then came up with a pretty accurate answer. She then reread the article for the details to be sure.
However, as she did this, she read snippets of the article out loud and my step-dad, who is not so computer literate, overheard.
Without reading the whole article and based on only a few lines read out loud, he confidently stated that the hacker obviously sent data via the fax machine to change the DNS address.
It seemed clear to him that it was done via zeros and ones, and that the fax machine itself was flawed rather than the process around accepting faxed requests.
That seems to paint a clear picture of what the average person envisions when they hear the term hacking.
I worry that they then don’t realize that they could act differently if they were in a similar situation to help prevent a security breach because they assume hackers are using highly technical attacks that are best dealt with by security professionals.
Perhaps, if we didn’t use the words ‘hacking’, ‘hacked’, and ‘hacker’ as umbrella terms and instead used words that help the average person differentiate between attack methods, it would be easier to mitigate layer 8 security issues.