Why companies should employ ethical hackers

In recent times, cyber-attacks have become an even bigger threat than terrorism. Businesses of all sizes need software and IT infrastructure more than ever as hacking risks have risen exponentially. Security breaches can now cause not only financial but also social damage to society.

Examples include:

Target breach:

In November 2013, retail giant Target Corporation suffered one of the largest cyber-breaches up to that time. This cyber-crime occurred during the holiday shopping season. It resulted in personal information on approximately 110 million customers being compromised. Moreover, the company had to pay millions of dollars to settle claims against it.

Yahoo breach:

The Internet giant Yahoo reported security breaches on its site that affected more than 500 million Yahoo! user accounts. A similar incident also happened earlier, around August 2013, which was not reported by Yahoo until December 2016. Both breaches are among the largest discovered in the history of the Internet.

In these cyber-attacks, personal details of the users, such as first name, last name, email addresses, telephone numbers, dates of birth, security questions and answers, and other important data, were stolen by the cyber-attackers.

As a result of this cyber-security attack, Yahoo faced several lawsuits as well as investigations. Yahoo also suffered from both financial loss and loss of reputation, impacting the company's valuation.

Windows ransomware (WannaCry):

In 2017, hackers exploited a vulnerability in Windows such that they were able to encrypt and lock entire computer systems. They could only be unlocked by paying a ransom. Government offices, hospitals, schools, ports and corporates across various countries were affected by this breach. Then came the follow-on costs of NotPetya, put at around £250 million.

Ashley Madison:

Cyber-attacks can sometimes cause unexpected damage. Consider Ashley Madison, a prominent American dating/adultery website. The data on this website was hacked two years ago, and almost 37 million personal details were exposed in this data breach.

In this security breach, hackers were able to access almost 100 gigabytes' worth of sensitive data. The leaked information includes user IDs, first and last names, email IDs, passwords, credit card information, phone numbers, and transaction records of their users.

This event also led to blackmail, while some Ashley Madison members were reported to have committed suicide. Many people also had their social standing impacted because of this incident.

Why you need an ethical hacker

The examples above underscore the need for a hacker in organisations. In most cases, ethical hackers easily detect glaring security flaws in the system of any organisation.

Ethical hackers, also known as white hat hackers, search for and exploit weaknesses and vulnerabilities in various systems just like malicious hackers would. In fact, they both have very similar skill sets.

However, the difference between the two is that an ethical hacker uses those skills legitimately, trying to find vulnerabilities and fix them, while an attacking cyber-hacker exploits them to achieve their own malicious purposes.

Skills of an ethical hacker

When searching for the right ethical hacker for your organisation, you need to look out for the following skills:

· He or she must be a computer systems expert and should have programming and computer networking skills.

· An ethical hacker should have the perseverance to try again and again, and needs a passion to achieve the required result.

· Knowledge of Linux is an essential skill of any professional ethical hacker.

· A good hacker should be hard working and ready to work constantly to find the problem in the system.

· Above all, an ethical hacker should be able to understand the situation and understand the mind-set of hackers.

Bug bounty programmes

Sometimes companies do not want to hire a full-time ethical hacker as they are not willing to spend extra budget for this purpose. In such cases, companies can also assign this job to bug bounty programme sites such as HackerOne and Bugcrowd. These sites provide a platform for any company to pen test their applications and receive reports about all kinds of security vulnerabilities on their website.

Contributed by Krishna Rungta, individual contributor, technical lead, and CEO of Guru99.

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.

SC does not vouch for the bona fides of contributors, whose submissions are accepted in good faith, and with hackers in particular, it is advised to verify references yourself before allowing attacks on your systems.