Cybersecurity

Meet the tenacious teenage ethical hacker helping small businesses beat cybercriminals

November 6, 2023 | By Sophie Hares

In a leafy suburb of Sydney, 18-year-old Jackson Henry spends hours a day glued to his keyboard, fervently devising ways to hack into the systems of the world’s biggest organizations.

But Henry’s no criminal, maliciously scheming to steal or extort money from companies. Instead, the teenager is one of an increasingly sought-after band of ethical hackers who try to break into systems to uncover potential weaknesses.

The term “hacker” was not always an insult. Back in the 1960s, computer engineers at Massachusetts Institute of Technology coined the term to describe people exploring “different ways to optimize systems and machines to make them run more efficiently,” according to the National Cybersecurity Alliance.

Then cybercriminals, also known as black hats, hijacked the term as their exploits mounted over the decades. Unbeknownst to many, ethical hackers, also called white hats, were often there to counter those attacks. Now, as concerns about cybersecurity seep into every crevice of our lives, companies are increasingly recruiting ethical hackers for help.

“Some of the most talented hackers I’ve met are ethical,” Henry says. “There’s not much incentive for people to commit crimes with their skills because there’s so much demand.”

It’s been a dizzying journey for Henry, who first fell in love with technology playing video games with his brother. His pastime quickly morphed into a fascination with programming and working out how people interact with systems.

After teaching himself as much as possible, he began picking up tips from the ethical hackers he met online who would tap into the psyche of black hats to identify system vulnerabilities and earn “bug bounty” rewards.

Then at just 15, Henry scored a well-publicized win when he helped uncover a United Nations security misconfiguration that could have led to a major data breach, exposing  100,000 sensitive personnel records.

Since then, he’s emerged as an expert in his field, graduated from high school, and is poised to start a full-time job developing cybersecurity strategies in Sydney where he’s likely to be the youngest on his team.

He’s also using his understanding of system vulnerabilities to work with Mastercard and highlight practical ways small and medium-sized businesses can protect themselves from a growing barrage of increasingly sophisticated cyberattacks.

While big companies understand the need to invest in the software and training required to insulate themselves from phishing, malware and ransomware attacks, many smaller businesses don’t have the time or resources to do the same – and risk paying a hefty price.

To demonstrate the importance of good cyber hygiene, Jackson Henry recently worked with Sina Klug at Sydney's Nutie Donuts to demonstrate how a bad actor may attempt to gain access to its systems.

Cybersecurity Ventures estimates the cost of cybercrime will hit $8 trillion in 2023 and says over half of cyberattacks are targeted at small and mid-sized companies. The global average cost of a data breach is also on the rise, increasing 15% from 2020 to 2023, according to IBM.

“Volume over value is the MO of these threat actors,” Henry says. “They care about automating as many attacks as possible.”

All too often, phishing and other attacks on small businesses succeed because of human error. Employees might inadvertently click on a malicious email, rely on the same simple passwords, or do not bother to activate the two-factor authentication that can help protect the business accounts.

To reduce the risk of damaging attacks, Henry advises businesses to spruce up their cyber hygiene, invest in anti-virus software and back up data regularly. Ramping up employee training and devising cybersecurity policies can also play an important role.

Companies can also plug security gaps by harnessing the power of the ethical hacker community, he explains. One option is to set up vulnerability disclosure programs to reward people who identify where risks lie in their systems with either money or public praise.

For the teenager who lives at home with his family, digging deep into systems and uncovering potential security risks before malicious hackers find them is a massive thrill.

“It’s a lot of fun researching and finding this stuff. And taking the creative liberty and thinking ‘ok, what if I wasn’t so ethical, what would have happened?” he says. “That’s the adrenaline rush.”

Small business

Cyber secure in 60 seconds

Teenage ethical hacker Jackson Henry shares 10 low-cost tips to help small businesses boost their cyber hygiene and protect themselves from bad actors. For more information on cybersecurity for small businesses, check out the Mastercard Trust Center.

Watch 'Cyber secure in 60 seconds' here
Sophie Hares, Contributor