Hacker Hires Don't Interest Most Businesses

Do not take counsel of your fears" is as poignant a message today as when Gen. George S. Patton spoke these words half a century ago. And companies are generally following this advice when assessing security procedures. Although computer hackers are regarded by most people as security threats, businesses increasingly are hiring them to test their network defenses.

How prevalent is this hacker-as-consultant phenomenon? And how deep is the level of trust? InformationWeek Research's 2001 Global Information Security Survey, a study conducted by PricewaterhouseCoopers, polled 2,156 U.S. security professionals about their security strategies and experiences, including their companies' willingness to hire hackers.

One in four respondents say that their employers would hire a hacker as a full-time employee. Half say there's a willingness to employ a hacker as a consultant, perhaps under the impression that such an arrangement would limit access and operations knowledge and possibly reduce their exposure.

Yet the idea of hiring a hacker remains inconceivable for many business-technology professionals, despite assurances from authorities such as Forrester Research. Its recent report, Hacker Attacks: Nuthin' To See Here, claims that computer hackers are more interested in notoriety than monetary gain. Nevertheless, 74% of security professionals polled by InformationWeek Research say hiring hackers as full-time IT employees isn't an option, regardless of ability or company need. And 48% report that their companies wouldn't work with a hacker, even as a consultant.

Many companies in the United States are looking to boost their security talent base in the next 12 months. Thirty-one percent of survey participants report the lack of qualified IT security staff is a significant obstacle in protecting their operations against security breaches and espionage. But this might be remedied soon, as a third of respondents expect the hiring of IT security workers in the next 12 months, while 6% are looking at outsourcing various security functions. (For more information on the report, see informationweekresearch.com.)

How willing is your company to hire a hacker to ensure that security measures are met? Let us know at the address below.

Helen D'Antoni
Research Manager
[email protected]

Understandable Opposition

Uncertain times may prompt some companies to make unusual or hasty security decisions. And while the events of Sept. 11 have spurred companies to re-evaluate security procedures, resistance to hiring hackers as either full-time IT employees or as security consultants is understandable.

InformationWeek Research's Global Information Security Survey found that when security breaches or espionage occurs, hackers are the primary suspects in the United States and internationally. Of the study's 1,767 U.S. security professionals who reported a security breach in the past year, 54% say a hacker was the prime suspect. Globally, that number is a bit lower: Of 3,457 security professionals internationally, 46% lay the blame on hackers.