It’s easy to imagine a company getting hacked, especially in a day and age when companies face numerous cyberattacks a year. It’s not so easy to imagine a company that actually wants to be hacked, let alone one willing to pay the hacker a starting salary of $95,000. Recently, though, more and more companies are hiring these ‘Ethical Hackers’ to find holes in firewalls and security measures.
What is an Ethical Hacker?
Ethical Hackers are what we call white hat hackers—hackers that use their skills legally and for good reasons. There are two other hacker classifications you should know. First are the black hat hackers, who use their skills illegally and for personal gain or with malicious intent. Second are the grey hat hackers, who ride the middle ground by sometimes hacking illegally but without malicious intent.
Mark Wharton, a Security Engineer at Secure Data Technologies, described ethical hackers as, “[People who] probe your network and any other resource for vulnerabilities to make sure you are compliant and keep the bad guys out.” These vulnerabilities can be anything from broken authentication and security misconfigurations to exposure of sensitive data. The company authorizes the entire process in the hope that the hacker will be able to suggest fixes for the vulnerabilities.
These ethical hackers use different methods to find the vulnerabilities in a system. All are part of a kit called the Hacker’s Tool Kit. Some items in the tool kit are web applications, testing, and pivoting. Pivoting is using a compromised system to ‘attack’ other systems on the same network. Ethical Hackers are looking for any place where a network administrator has been complacent and thus created an inroad for a hacker to breach a network.
All ethical hackers have skills in scripting languages, knowledge of information security, and proficiency in networking and operating systems. They may have multiple certifications, but the most recognized one is the Certified Ethical Hacker (C|EH). This certification focuses on reconnaissance, enumeration, maintaining access, covering your tracks, and gaining access.
Why should my company implement ethical hacking?
When you hire an ethical hacker, you are investing in security for yourself and your clients by limiting the attack surface of your networks, which in turn reduces liability for everyone. Current statistics show that the average cyberattack now costs businesses upwards of $1 million per incident. Having an ethical hacker look through your systems to find vulnerabilities can protect your business from black hat hackers and ultimately save your organization hundreds of thousands of dollars. In the same way that ethical hacking limits your liability, it also proves to your customers that you are dedicated to keeping them safe, bolstering your credibility. Understanding your vulnerabilities can also help you better manage security protocols and plan for future upgrades.
Consider this analogy: why have a lock on your door if you don’t plan on using it properly? That door may keep you safe from the majority of visitors looking to gain entry, but all it takes is the right visitor with the know-how to pick your lock and step right inside. The same is true for your network. Your servers and computers have firewalls in place to protect them, but a hacker with the right skills can find a way through your defenses. In contrast, ethical hackers are proactive in your defense, fix the problems before they cost you customers, money, and credibility, and prevent long-term financial risk. And while ethical hacking may not be a standard business practice, it probably should be.
Understanding your organization's cybersecurity shortcomings is just one step in creating a strong security posture for your business. Secure Data can provide support ranging from security assessments to a true security operations center as a service. If you want more information or would like to speak with one of our security engineers, we'd love to help.