As cyber threats increase in frequency and sophistication, protecting business infrastructure from them seems like an impossible task. Could hackers be the solution to businesses’ cybersecurity woes rather than the problem?
Ethical hacking sounds like a contradiction in terms, but big firms are adopting the technique to ensure their systems are locked down, transforming the hacker from foe to friend.
Web behemoths including Facebook, Google and now PayPal are offering rewards to hackers who crack into their technology infrastructure and report their methods, and their security flaws, back to them with the assurance of no legal backlash.
UKFast’s director of data centre Stuart Coulson said: “I strongly believe that the only way that you can ensure that your systems are secure is to test and retest them constantly, plugging the holes as you go.
“Big firms are quickly jumping on board with the idea of ethical hacking, using people with the skills and mindset of cybercriminals who can identify weaknesses that hackers would take advantage of.”
With businesses becoming progressively reliant on technology, and cyber-threats becoming increasingly frequent and sophisticated, a strong cybersecurity strategy is vital for a modern business.
Clearly, not all businesses have the resources to set up a bug-reporting and reward programme, but employing the skills of hackers is a potential solution to the increasingly difficult problem of cybersecurity.
Coulson said: “For SMEs, opening themselves up to hackers is a scary prospect, but if you enlist the services of a security firm that you can trust to carry out the hack, I would say that the positives far outweigh the negatives.”
Penetration testing is the official term, but ethical hacking is in essence the same thing: it gives the business the ability to take pre-emptive measures against malicious attacks by spotting a flaw before the malicious hackers do.
Coulson said: “Penetration testing enables businesses to ask ‘are we secure?’ and to set the parameters for certified ethical hackers to attempt to break into their systems. For example, testing could be a simple hack attempt, or could include social engineering such as gaining entry to the office space and installing wireless devices to aid the hacking attempt.
“The results of tests like this are far more valuable than tests carried out by the in-house people who developed and are responsible for the cyber security strategy as they already know the system inside out and may not spot the areas of potential weakness.”
Although hacktivist groups like Anonymous and LulzSec claim to be ethical and carry out attacks ‘for the greater good’, there is a clear distinction between these and true ethical hackers.
Certified ethical hackers have been authorised to attempt to hack into the business’s infrastructure, which makes the hack legal. Hacktivists may claim to be acting for the ‘greater good’, but they have no such authorisation and are therefore breaking the law.
“Choosing the right people to carry out the penetration testing is vital to the success of this exercise. If you employ a company or ethical hacker on which you have done no research and for which you have received no recommendations, you could be handing over legal access to crack into your system to a cybercriminal, without even knowing it.”