Regular readers will know that I started out my cybersecurity career not as a writer but as a hacker. In the truest sense of the word: I was exploring other people’s networks in the late 80s and early 90s for educational, rather than criminal, reasons. I was keen to learn about the emerging online world, and hands-on experience was how I could do that most effectively. Did I ever stray into the darker areas when it came to my virtual travels? Sure, but I never set out to do harm nor, indeed, to steal.
Fast-forward 35 years or so, and for most people, most of the time, hacking conjures up one of four visions:
■ The hoodie-wearing teenager installing malware, stealing data (or bank balances), and maybe defacing sites in the name of political activism and hitting services with denial of service attacks for the lulz.■ Organised criminal gangs stealing data and/or extorting victims. Ransomware groups have become the focus of much of this attention today, but these are far from the only cybercriminal players.■ State-sponsored actors involved in commercial, industrial or political espionage.■ Law enforcement or government agencies carrying