703-345-5833 info@rimstorm.com

May 19, 2021

When you’re vying for a government contract — especially with the U.S. Department of Defense — you’re expected to hold a high degree of knowledge regarding data security. This is why frameworks and regulations such as NIST SP 800-171, DFARS, CMMC are all mandatory.

But if your eyes tend to glaze over when trying to read through pages of each new government regulation, it helps to understand why they’re crafted in the first place, and what threats they’re meant to protect us from.

Hackers pose specific problems for data security. These highly skilled programmers can find security gaps and access secure systems — sometimes with good intentions, but more often with bad intentions in mind. Some hacking actions are legal, but the activities that generate the most attention and the most concern for businesses and governments are the illegal activities. These are generally aimed at sabotaging computer systems and networks or stealing money and information.

Understanding their motivations provides you with an advantage. With that in mind, today we’re delving into the seven primary hacker archetypes.

White Hat

These are commonly known as ethical hackers, and they’re the good guys of the hacking world. They use their skills to help create robust computer systems by evaluating, strengthening and improving security. These experts identify and repair potential vulnerabilities, effectively preventing exploitation by malicious hackers.

Black Hat

These are the opposite of White Hat hackers, and they’re the ones you often hear about on the news. They find security vulnerabilities and exploit them for personal financial gain or other malicious reasons. A Black Hat hacker can inflict major damage on both individual computer users and large organizations by stealing personal financial information, compromising the security of major systems, or shutting down or altering the function of websites and networks. Having the right security to prevent or detect malicious hacking operations is a vital part of your IT tech support.

Gray Hat

These hackers fall somewhere in the middle — sharing traits of both their fellow White and Black Hats. They may violate ethical standards or principles, but without the malicious intent ascribed to Black Hat hackers. Sometimes they’re simply showing off their skills. While Gray Hats don’t typically steal money or information, they could if they wanted to. And while they don’t necessarily use their skills for the benefit of others, they could also do that if they wanted to.

Script Kiddie

These novice hackers attempt to attack computer systems or vandalize websites. Although generally less experienced and mature, they can inflict as much computer damage as professional hackers, and they’re subject to similar criminal charges as their older and savvier counterparts.

Nation-State Hacker

These hackers are the primary reason for the existence of CMMC. They are employed by governments to engage in espionage through surveillance or sabotage of a target or theft of information and are often defined as an Advanced Persistent Threat (APT).

Malicious Insider

This type of attack can come from a whistleblower or a disgruntled employee — someone inside an organization who has authorized access to a network or computer system. An insider has the advantage of knowing the network architecture and system procedures.


These groups or individuals use hacking to make a political statement or seek social change. In contrast to hackers with malicious intentions, hacktivists engage in an online strategy to exercise civil disobedience. Their targets are often governments or corporations with whom they disagree.

Knowledge is Power: Understanding Hackers and Their MotivationsAs your organization evolves, so do the requirements of your specific IT environment. Our experts can protect and defend your vital IT systems from hackers and other cyber threats by ensuring their availability, integrity, authenticity and confidentiality. We’ll incorporate the protection, detection and reaction capabilities necessary to assure that your information will be there when you need it. Additionally, we have everything in one place to ensure your CMMC attainment. Contact us for a free consultation and we’ll talk through the process — no strings attached.