The magazine for alumni and friends of the UB School of Management
Issue link: http://ubschoolofmanagement.uberflip.com/i/1280897
22 Buffalo Business Autumn 2020 Insights Whether cracking digital security for good or ill, hackers tend to be people who are manipulative, deceit- ful, exploitative, cynical and insensitive, accord- ing to new School of Management research. Presented at the Hawaii International Conference on System Sciences, the study analyzed the psycho- logical profiles of college students in computer science and management to see which personality traits led to three differ- ent kinds of computer hacking: white hat, gray hat and black hat. White hats are ethical hackers, who help organizations detect and fix security vulnerabilities. Gray hats are "hacktivists," who hack for ideological reasons, such as attacking a political adversary, a company policy or even a nation-state. And black hat hackers, sometimes called crackers, are motivated by personal gain—or just in it for the thrill of the attack, revenge or notoriety. "Gray hatters oppose authority, black hatters are thrill-seeking and white hatters—the good guys—tend to be narcis- sists," says Lawrence Sanders, professor of management science and systems. "So even though white hats may be devi- ous and psychopathic, we need them to address nefarious hacking activity." The researchers surveyed 439 soph- omores and juniors to determine their personality traits, and developed scales to determine the three hat categories and measure each person's perception of the probability of being caught violating privacy laws. "Engaging in criminal activity involves a choice where there are consequences and opportunities, and individuals perceive them differently," says Joana Gaia, clinical assistant professor of management science and systems. "But, they can be deterred if there is a likelihood of punishment—and the punishment is severe." Their results suggest security compli- ance will continue to be a problem, but there are several ways organizations can reduce the impact of or prevent breaches. "Firms can use monitoring technology and multifactor authentication to prevent unauthorized access to physical and digi- tal spaces," says Gaia. "Organizations could use personality traits to evaluate employ- ees as security threats, but that should be approached cautiously for practical, ethical and privacy reasons." Sanders and Gaia collaborated on the study with Bina Ramamurthy and Shambhu Upadhyaya, both UB faculty members in computer science and engineering; UB PhD students Sean Patrick Sanders and Xunyi Wang; and Chul Woo Yoo, assistant profes- sor of information technology and opera- tions management in the Florida Atlantic University College of Business. Sanders Gaia INSIDE THE MIND OF A HACKER