Hacking news regularly sends shockwaves through the business community and everyday consumers alike.
The 2013 Yahoo breach saw more than 1 billion Yahoo accounts compromised, exposing personal information and other sensitive data. Over 1,000 Wendy’s franchise locations were hit when cybercriminals compromised their payment systems and, with them, thousands of customers’ credit card numbers and other details. And there are countless other examples like these.
While criminal hacking is always in the news, ethical hacking often goes unnoticed or is misunderstood. Ethical hackers are computer and networking experts who try to penetrate systems to find vulnerabilities. They break into systems at the request of their owners to test their security and find weaknesses before malicious hackers do.
Ethical hacking isn’t new, though it has transformed rapidly as new technologies and the IoT evolve.
A modern approach to ethical hacking came in the 1970s when the U.S. government used “red teams” to hack into its own computer systems to test vulnerabilities.
The idea may sound counterintuitive, but ethical hackers can empower small businesses by using their skills for good. Unlike malicious hackers, ethical hackers deliberately break into servers and online systems to expose vulnerabilities so companies can fix them before they are exploited and cause catastrophic data loss or financial damage.
Some ethical hackers do it for the satisfaction and challenge; others come from robust IT backgrounds with a focus on digital security. Malicious hackers, by contrast, usually break into systems illegally for fun, profit or even revenge.
There are many misconceptions and challenges ethical hackers must overcome in order to gain a reputable foothold in the business world. Many hear the word “hacking” and envision entire computers being taken down and sensitive information released to the world, or recall major hacks like Sony’s, when information on thousands of personal computers, servers and devices was compromised, erased or released to the public.
Hacking has quickly spiraled into an unavoidable and costly problem for almost all small businesses. According to a recent HSB Cyber Study, 90% of businesses experienced hacking incidents over the last year.
The study also found risk managers are worried about the safety and security of IoT devices, and the vulnerabilities exposed with the rise of hyper-connectivity. Only 28% said IoT devices are actually safe for business use, yet 56% of businesses already use them or plan to in the future.
Using a firewall and regularly updating passwords are just the first steps to enhancing security, and on their own they won’t keep hackers out of business systems. Even complicated passwords can be cracked or guessed, and they are often undermined by poor practices, such as keeping them unencrypted on a company server or computer that is itself susceptible to being hacked. Hackers are also getting more sophisticated, using emerging technology, holding data for ransom and causing catastrophic damage to small businesses and corporations alike.
Big corporations like Google pay ethical hackers upwards of $20,000 to look for bugs and flaws through their “Bug Hunter University,” with a comprehensive breakdown of which bugs yield which rewards and payouts. These ethical hackers are helping prevent catastrophic damage to the corporation and protecting its users by catching vulnerabilities before malicious hackers find them.
Fortunately, small businesses don’t necessarily need to shell out $20,000 to attract their own ethical hackers, and can instead look for professionals ranging from self-taught to tested and certified.
Modern-day ethical hackers often started hacking for the challenge or to educate themselves on the vulnerabilities in information technology security. These hackers are sometimes called “white hat hackers.” It’s becoming increasingly common for companies large and small to employ their own in-house Information Security Analysts to help combat hacking. Information Security Analysts typically have extensive training in technological and informational infrastructure, with ongoing responsibilities to keep it all running securely.
Ethical hackers coming from this area of expertise also have knowledge in problem-solving strategies for security breaches and can collect and analyze data to monitor and interpret weaknesses. Expect them to possess deep knowledge of the latest infrastructure and hardware, from routers to memory storage, with the ability to establish security policies and best practices.
Information Security Analyst skills are highly valuable and sought out by juggernaut corporations like IBM. For example, a job posting from IBM specifically asks for candidates skilled in ethical hacking who can participate in technical testing for exposed applications.
Ethical hackers sometimes fall into the category of ‘penetration testers.’ According to Cyber Degrees, penetration testers look for security vulnerabilities across web-based applications, networks, and online systems. They use a variety of methods to hack into systems, from designing and creating their own tools, to employing social engineering.
Social engineering is responsible for many data breaches. It relies on weak passwords and poor security practices, and often on scouring social media for personal details (pet names, birth years, sports teams) that can be used to guess passwords. That means technology and hacking tools are only part of the equation; thoroughly educating businesses on security policies and best practices is necessary to create safe environments.
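To make the two points above concrete (that a password which satisfies a complexity rule can still be guessed from social-media details, and that a server should never keep the password itself), here is an added example in Python. It is not code from the original article or from Indusface; the employee profile is constructed for the demo, and the PBKDF2 iteration count is lowered so it runs in seconds.

```python
import hashlib
import hmac
import itertools
import os
import secrets
import string

# Constructed profile of a fictional employee: the kind of facts an attacker
# harvests from social media before "password-testing" an account.
# (Assumption for this example, not data from the article.)
PROFILE = {"pet": "Biscuit", "city": "Austin", "team": "Cowboys", "birth_year": "1987"}

# Work factor for PBKDF2-HMAC-SHA256. Lowered so the demo finishes quickly;
# OWASP's current guidance for this algorithm is 600,000 iterations.
ITERATIONS = 30_000


def candidate_passwords(profile):
    """Yield 'complex-looking' guesses built from personal facts: a word plus a
    year, in several casings, with the suffixes people add to satisfy policies."""
    words = [profile["pet"], profile["city"], profile["team"]]
    years = [profile["birth_year"], profile["birth_year"][-2:]]
    suffixes = ["", "!", "!!", "1", "123"]
    seen = set()
    for word, year, suffix in itertools.product(words, years, suffixes):
        for cased in (word, word.lower(), word.upper()):
            for guess in (f"{cased}{year}{suffix}", f"{cased}{suffix}{year}"):
                if guess not in seen:
                    seen.add(guess)
                    yield guess


def meets_complexity_policy(pw):
    """A typical 'complicated password' rule: 8+ chars with upper, lower, digit, symbol."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def store_password(pw, iterations=ITERATIONS):
    """What a server should keep instead of the password itself: a random salt,
    the work factor, and a slow salted hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(pw, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    probe = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return hmac.compare_digest(probe, digest)


def guess_from_profile(record, profile):
    """Run the social-engineering wordlist against a stored record.
    Returns (password, attempts) if found, else (None, attempts)."""
    attempts = 0
    for attempts, guess in enumerate(candidate_passwords(profile), start=1):
        if verify_password(guess, record):
            return guess, attempts
    return None, attempts


if __name__ == "__main__":
    weak = "Biscuit1987!"               # passes the policy, but built from the profile
    strong = secrets.token_urlsafe(12)  # random, so the profile wordlist is useless
    for pw in (weak, strong):
        record = store_password(pw)
        found, tries = guess_from_profile(record, PROFILE)
        print(f"policy ok={meets_complexity_policy(pw)} "
              f"guessed={found is not None} after {tries} tries")
```

The profile-derived password clears the complexity rule yet falls in a handful of attempts, while the random one survives the whole wordlist; the slow, salted hash is what turns a stolen password file from an immediate breach into an expensive offline cracking job.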
Today’s ethical hackers have meticulously built a reputation for their skills and ethical behavior in the industry. For example, Ty Miller is the Director of Threat Intelligence, a penetration testing company that uses ethical hacking to test for vulnerabilities and detect malicious activity. Miller’s background includes roles as Security Officer at Macquarie University and Chief Technology Officer at Pure Hacking.
Neil R. Wyler (a.k.a. Grifter) is a Threat Hunting and Incident Response Specialist with a reputation for speaking and writing about hacking and how to keep companies safe. He’s spoken for audiences at conferences and events like Black Hat Security Briefings, DEFCON, RSA Conference, CactusCon, B-Sides and more.
The Director of NotSoSecure, Sumit “Sid” Siddharth, has a background in penetration testing, vulnerability research and signature development, and speaks at conferences like DEFCON. Siddharth is also an IT Security Consultant and trains others in areas integral to ethical hacking, such as Infrastructure Penetration Testing.
How to Learn More About Ethical Hacking
Ethical hacking techniques and best practices evolve rapidly as criminal hackers find new ways to exploit vulnerabilities and remain undetected. Use the following resources to stay up to date on trends, find ethical hackers and get breaking hacker news.
Get automated tools to expose system vulnerabilities and perform penetration testing. Indusface performs dynamic and static code analysis to look for malicious code or weak encryption. Part of our Total Application Security offering includes Web Application Firewall and ethical hack-based penetration testing.
Amateur and emerging ethical hackers can keep up on current trends in hacking with resources like The Hack Today. The site features advice, how-tos and techniques in areas like WiFi hacking and iOS system hacks.
Get free and open source cyber security learning with a variety of online training modules, certifications, and labs with Cybrary.
Companies interested in trying an anti-phishing simulator can try Security IQ for free from Infosec Institute. Your team will get a clearer picture of how phishing works and how to combat it.
Get the latest news on hacking schemes with The Hacker News. Recent articles include phishing attacks that are almost impossible to detect on Chrome, Firefox, and Opera.
Look for certified, experienced ethical hackers on LinkedIn’s job boards to find qualified professionals looking for new opportunities.
Some of the world’s leading security companies specializing in ethical hacking and penetration testing offer helpful resources, tips, and insights on their blogs. White Hat SEC posts industry observations, including ways to empower developers to fix security vulnerabilities as part of their DevOps workflows.
Selected by EC-Council to launch CHFI v9 training in Washington D.C., SecureNinja offers training courses to corporate and government sponsored customers. But anyone can brush up on cybersecurity news at SecureNinja’s company blog. Learn about how the shortage of skilled cybersecurity professionals is ultimately what leads to the high volume and cost of data breaches.
Securosis is an independent security research and advisory firm dedicated to transparency, objectivity, and quality. They focus heavily on the research side of security with work on papers, presentations, code, and architecture. Their blog features in-depth posts on areas like deploying decryption keys into third-party cloud services.
There are plenty of online training courses for IT professionals and emerging ethical hackers looking for ways to further their education in penetration testing and techniques.
1. Tom’s IT Pro offers invaluable insights into becoming a white hat hacker as a career choice. They advise having strong problem-solving, communication and IT security skills, as well as getting Certified Ethical Hacker (CEH) certification from the EC-Council for beginning to advanced IT and penetration experience.
2. Jump right into the techniques of penetration testing, footprinting, system hacking and more with Cybrary’s courses. They also offer certification on subnetting, network infrastructure, cloud fundamentals and more for Micro Certifications.
3. Get basic to highly-advanced training in ethical hacking with CTG Security Solutions. Courses use online training via Team Viewer, Skype, Google Hangouts or Live Online. Certification is also available under the trademark CTG Security Solutions brand.
While there is no formal college degree for becoming an ethical hacker, many ethical hackers combine self-study with formal coursework, such as the EC-Council’s comprehensive certified hacking courses. The council advises, “To beat a hacker, you need to think like a hacker.” That means immersing yourself in the right mindset to defend against future cyber attacks. Related EC-Council courses include Network Defense Architect, Certified Network Defender and Security Analyst.
InfoSec offers its own Ethical Hacking Boot Camp to teach the in-depth techniques of hackers with comprehensive hands-on labs. Students learn to hack into real servers and networks during the class. Students can expect to learn more about penetration testing methodologies, stealth network recon, gaining remote access through trojans and wireless insecurities.
Get certified ethical hacking training classes through Certified Staffing Solutions, with corporate class schedules and group onsite classes.
Become a Certified Ethical Hacker through Training Camp’s CEH v9 Bootcamp to learn the latest in hacking methodology. Students are immersed in the hacking mindset to defend against future attacks.
Get trained in the Art of Hacking with a five-day practical class from Not So Secure and earn a leading hacking certification. Aspiring ethical hackers gain hands-on skills and access to a hacking lab that’s continuously updated to expose students to the latest hacking threats.
You don’t have to tackle ethical hacking on your own. Small businesses and corporations alike often hire companies specializing in penetration testing and security services. No Wireless Security helps secure WiFi with Cloud RADIUS to protect your wireless network. It can also help combat issues stemming from Bring Your Own Device (BYOD) policies to protect devices when they’re lost, stolen or need their access revoked.
Meanwhile, Threat Intelligence has developed its own attack techniques for security firms, including a Covert DNS Tunneling Payload for Core Security. It offers threat analytics, penetration testing and comprehensive training to international government agencies, security companies and more.
It’s no longer safe to simply sit back and hope your firewalls and cloud-based apps will protect you from cybercrimes and malicious online activity. Cybercrime cost the global economy $445 billion in 2016 and can cause long-term damage to your company’s reputation. And while there is no guarantee ethical hacking will prevent all attacks, cybercriminals are rapidly adapting to target businesses of all sizes. Companies can either invest their own time and money to keep on top of the latest threats or hire an ethical hacker to do it for them.
Has your business ever been hacked? What are your thoughts on using ethical hacking to combat malicious cyber crimes? Let us know by leaving a comment below.
Founder & Chief Marketing Officer, Indusface
Venky has played multiple roles within Indusface for the past 6 years. He was instrumental in building the product/service and technology team from scratch and grew it from ideation to initial customers with a proven, validated business model poised for scale. He has 10+ years of experience in the security industry and held various management and leadership roles in Product Development, Professional Services and Sales during his time at Entrust Datacard.