Keren Elazari speaks on the podium during the Digital Life Design (DLD) Conference at the HVB Forum in Munich, Germany.

What exactly does adopting a hacker mindset mean? According to Keren Elazari, it’s about having the foresight to see what potential security threats lie ahead, while recognizing the signs and patterns, instead of just reacting after a breach takes place. (Photo by dpa picture alliance/Alamy Stock Photo)

Innovation | Technology

Use a hacker’s mindset to tackle cybersecurity, says expert

Being able to foresee cyberthreats—and how to avoid them—are key to keeping your business secure

A Facebook IconFacebook A Twitter IconTwitter A Linkedin IconLinkedin An Email IconEmail

Fighting cybercrime takes more than hiring top talent and putting the latest technology in place. It requires adopting a hacker’s mindset.

Former hacker turned cybersecurity expert Keren Elazari—a speaker at the World Congress of Accountants in Sydney, Australia this month, of which CPA Canada is a sponsor and key participant—believes this is key to keeping businesses secure.

Elazari is a senior researcher at the Blavatnik Interdisciplinary Cyber Research Center, an author, and a TED Talk presenter who focuses on the complex relationships between hackers, industry and government. She says a hacker’s mindset will help businesses better identify and implement the necessary cybersecurity strategies.

“It’s my belief that we should actually adopt the hacker mindset and bring it into our everyday security opportunities and safety strategies as businesses and individuals,” Elazari said in a recent interview with CPA Canada.

“Hackers are some of the most important change agents, who make the most of things that happen…bad things and good things…and [they can] make things safer.” 

But what exactly does adopting a hacker mindset mean? According to Elazari, it’s about having the foresight to see what potential security threats lie ahead, while recognizing the signs and patterns, instead of just reacting after a breach takes place. Hackers look at a situation from every angle, and ask what else can be done, she says.

“When we have a security event, here is how we are going to respond. Who could be after our business? Immersing yourself in this knowledge space [to uncover] how you may become a target,” she says. (See Former hacker gives insight into the world’s top three cybersecurity threats)

“It’s not just about technology…we don’t all have to be engineers or coders, or super cool hackers with hoodies in the basement,” she says. 

The confusion over who is at risk and who is responsible for maintaining a secure environment has created a gap in how we view cybersecurity, says Elazari. We all have a role to ensure our businesses stay secure, regardless of where you work or what position you hold, she adds. 

“A lot of businesses, a lot of individuals, don’t think cybersecurity applies to them. That their business is not interesting, not big enough, or doesn’t have [valued] confidential information,” she says. “And they would be wrong. In all positions, [we should be] looking for the security of larger and smaller organizations.”

So, where do companies go from here?

A practical, forward-thinking approach to cybersecurity must be incorporated into the businesses’ overall strategy. This includes hiring the right experts, such as security officers and chief privacy officers (CPOs), who specifically handle cybersecurity management. An ongoing risk assessment using relevant resources and staff expertise will determine potential threats and the steps needed to avoid them.

“It’s a vastly growing point of view in the industry that is saying we are never going to have 100 per cent security. We are never going to have a perfectly secure environment,” says Elazari. 

“But whatever resources we do have, whatever our crown jewel [such as the secret formula for Coca-Cola] is, there has to be active assessments for risk management. Here is how we are going to mitigate against the most significant threat.”

For CPAs, it’s an area of opportunity to expand skillsets, while using knowledge they already have on hand. Accountants can play an integral role in cybersecurity from a data management and analytical perspective, believes Elazari. (See Three questions with Imran Ahmad: On cybersecurity and the role of the CPA)

“CPAs have an opportunity in this space to acquire some of these skills that will not necessarily be [cybersecurity-related or highly technological], but specially around the skills to work with analytics,” said Elazari.

“Our world of cybersecurity is going to need more talent than ever before.”

The World Congress of Accountants runs until November 8 in Sydney, Australia. The Congress, which dates back to 1904 and has been running every four years since 2002, attracts more than 5,500 delegates from 115 countries. CPA Canada played an influential role in the conference programming, which focuses on the future of the profession, addressing core themes including trust, ethics, diversity, sustainability and new technologies. 


Find out how to implement a robust risk management process using CPA Canada’s Cyber security: Establishing a risk management program and reassessing disclosure practices report and take steps to protecting your organization with Manage cybersecurity risk and security issues: Questions for directors