What Is a Hacker?

A hacker is a person who breaks into a computer system. The reasons for hacking can be many: installing malware, stealing or destroying data, disrupting service, and more. Hacking can also be done for ethical reasons, such as trying to find software vulnerabilities so they can be fixed.

How does hacking work?

Hackers breach defenses to gain unauthorized access into computers, phones, tablets, IoT devices, networks, or entire computing systems. Hackers also take advantage of weaknesses in network security to gain access. The weaknesses can be technical or social in nature.

  • Technical weaknesses: Hackers can exploit software vulnerabilities or weak security practices to gain unauthorized access or inject malware, for example.
  • Social weaknesses: Hackers can also use social engineering to convince those with privileged access to targeted systems to click on malicious links, open infected files, or reveal personal information, thereby gaining access to otherwise hardened infrastructures.

What makes someone a hacker?

Much of today's computer hacking has been automated--which is why it currently poses such a threat to Internet security. Some hackers are still highly trained technical professionals, but others are much less skilled and are able to launch successful attacks simply by buying attack tools.

  • Hacker demographics: It used to be the case that hackers were often teenagers trying to break into prominent organizations simply to gain notoriety. But today's hacker community is far more diverse and is made up of individuals with many different motives.
  • Hacker motives: Some of the leading motives for online hacking are financial gain, activism, corporate espionage (spying on competitors), state-sponsored attacks against opposing nation-states, or even cyber terrorism.

How do I protect against hacking?

Hacking today takes on so many forms and targets so many kinds of organizations that a multilayered defense strategy is necessary for every company and government agency. This strategy must address people, processes, and technology.

  • People: Make sure your employees are educated on popular hacking techniques such as phishing and ransomware, and develop policies for what they should do when confronted with these types of attacks. Make sure employees are aware of the benefits of strong passwords over more convenient, easy-to-guess ones.
  • Processes: Develop policies and safeguards surrounding computing behavior--for both inside and outside the office. The policies should address which devices employees are permitted to use for accessing corporate resources, which websites they are allowed to visit, and which types of files they can download.
  • Technology: Make sure your security technologies cover all potential access points into your infrastructure and are able to detect and remediate a wide range of attack types. Covered access points should include all end-user devices that are permitted to interact with your organization's systems and data.
  • Ongoing vigilance: It's not a matter of if, but when a company will get breached. Make sure all your data is frequently backed up in the event of a security incident. Stay up to date on the latest attack types and the newest security technologies designed to combat them. And keep all systems patched and updated.

What is ethical hacking?

Ethical hacking involves the legal use of hacking techniques for benevolent versus malicious purposes. Ethical hackers use penetration testing and other tactics to find software vulnerabilities and other security weaknesses so they can be promptly addressed.

Types of hackers


Cybercriminals are hackers who often use tools such as malware, phishing, and ransomware to launch attacks for financial gain or other nefarious purposes. They steal information ranging from email addresses and passwords to social security numbers and credit card details in order to sell it for profit.

See our Cisco Security Awareness solution


Hacktivists use hacking techniques as a tool for social activism. They often break into organizations they oppose in order to send a message, for instance by defacing their website, launching DDoS attacks, stealing and posting personal or confidential information, and so on. Anonymous is one example of a well-known hacktivist group.

Discover Cisco Secure Email

Ethical hackers

Ethical hackers are legally permitted to break into certain computer systems to find flaws. Businesses and government organizations often hire ethical hackers to uncover software vulnerabilities or other security weaknesses so they can be fixed before they are exploited by malicious hackers.

View our Security Services

Script kiddies

Script kiddies are part of the newer wave of hackers who do not rely on high levels of skill for their attacks. Instead they purchase and use ready-made scripts and hacking tools.

Explore Secure Endpoint