HHP – Hackers Hack People

The Cybersecurity Industry is 97% Technology and 3% Psychology. The Darknet Hacking Industry is 70% Psychology and 30% Technology.

CISOs are playing defense with static cyberdefense tools that don’t work, against smart offense players who have the blueprints for the defense and deploy marketing and advertising techniques – consumer behavior, projection, brand development, targeting, “you” appeal and more – to outflank the defense.

Think The Maginot Line – hackers go around the technology defenses by hacking people. Employees, 3rd Parties’ employees, Contractors, Family, Associates.

Everywhere, we see the visual shorthand for cybercrime and hacking and darknet and deepweb – some hoodied dudes and chicks in server basements with dark blue lighting doing stuff on laptops. But… Hackers Don’t Wear Hoodies

Hackers are mainly employed in government offices in China, North Korea, Russia, The USA, Australia, the UK, France, Israel, Germany, Iran. They have a dress code and hoodie ain’t on it. The private sector guys and gals don’t wear hoodies either.

Think about it: these people called “hackers” want to get past defenses. How do they do that? They know all of the booby traps and triggers and alerts – these people could all get cybersec jobs playing defense.

Hackers work on the living software, the Human Resource, of organizations. Directly and indirectly, through 3rd party suppliers, via associates, they map out a human way into and past technical defenses.

The technology vendors, the VCs & PE folks on Sands Hill Road, the NASDAQ listed corporations etc are fine with this: more cybercrime means more sales of tech that doesn’t slow down the demand for more “stuff”. Every year, headline losses from “cybercrime” increase ahead of the growth in cyber tech spending.

Cybersec employees & contractors are also cool with this, perhaps not in a calculating way, but never get between the dog and a lamp post! Cybersec generates a big paycheck for a lot of people, plus all the benefits and kudos of being one of those cybersecurity defenders. Cyber techies get to be interesting (up to a point) at parties.

The recruiters, the H1B agencies, the managed security crowd all like it too. Like America’s healthcare horror story, the money is in creating and then managing chronic illness, not in curing it. Darknet Monitoring vendors like Culet Security can give a vital insight into risk-prone employees and – often more important – 3rd party employees’ risky behavior online.