For organisations that don’t invest in cyber security, getting hacked is just a matter of time. But even those that do are often breached using backdoors unknown to their security teams.
To protect your organisation, you’ll need to understand how hackers operate. So, why not recruit one? Hiring a hacker might sound counter-intuitive, but it could be your best decision of 2017.
To beat a hacker, you need to think like a hacker
The threat posed by increasingly advanced cyber criminals is growing. However, not every hacker is out to breach your business. There’s a growing number of good guys who earn a living protecting organisations.
Not to be confused with dark web lurking hackers-for-hire, ‘white hat’ or ‘ethical hackers’ are experts hired to identify security vulnerabilities in computer systems and networks.
It’s a big business and some ethical hackers are incredibly successful at finding security flaws, even in the largest companies.
Because the stakes are so high, businesses are willing to pay out massively for the service. £31,000 was recently awarded to an ethical hacker for reporting a vulnerability in Facebook.
Why you should hack your organisation
‘[Many companies] buy a bunch of technology, and they think they’re good, but most…forget that security penetration comes at the seams, where technologies stitch together’, states Art Gilliland, CEO of Skyport Systems.
Organisations serious about finding these ‘seams’ hire ethical hackers to conduct penetration tests - safe attacks on a computer system used to detect vulnerabilities.
Instead of compromising your sensitive data, ethical hackers will identify faults in your systems. This provides you with the knowledge you need to fix them.
These professionals use the same tools and techniques that malicious hackers employ. From staging an intense DDoS attack on your website to social engineering infiltration, ethical hackers will test every line of your cyber defences.
By hiring an ethical hacker, you’ll get unique insights from the perspective of an intruder. If flaws in your security are detected, they’ll be thoroughly documented so you can quickly work towards getting them fixed.
Without these harmless penetration tests, security holes could remain unseen, leaving your organisation open to exploitation.
How to hire an ethical hacker
If you want to hire an ethical hacker, you can typically either recruit one or train an existing staff member.
Hiring an ethical hacker doesn’t mean stalking the dark web and bartering with bitcoins. There’s now a rich pool of qualified security professionals to choose from, complete with formal ethical hacking qualifications.
First, you’ll need to understand what you actually want from your ethical hacker. Do this by formalising a clear statement of expectations, provided by yourself or an external auditor.
Ethical hackers shouldn’t be hired to just 'test your security'. They’re specialised professionals with a depth of IT security experience. Instead, you should be asking questions like: ‘Do we require an external penetration test?’ or ‘Do we need a web app security review?’
Ethical hackers can be recruited in much the same way as any other professional. But make sure you get tangible proof of your ethical hacker’s skills.
Look out for the leading ethical hacking certification, EC-Council’s Certified Ethical Hacker (CEH). This demonstrates to employers that this candidate possesses expert knowledge of ethical hacking and penetration testing.
You could even take the route used by GCHQ – set up your own hacking competition and promote it as a way to attract and identify ethical hackers. Successful competitors might be the cyber security talent you need.
Or boost your cyber security by training up an existing team member in ethical hacking techniques. Certifications, like EC-Council’s CEH, are a great way for existing staff to learn how to hack safely. They’ll get the skills they need to conduct ethical hacking activities in your businesses, finding and fixing security flaws that only a hacker could find.
Can you afford not to?
Increasingly complex cyber security threats, like IoT expansion and other huge security risks, are set to dominate 2017. This year improving your cyber security means learning how to think like a hacker.
By Alex Bennett, Firebrand Training. Alex has worked in the IT industry for the past three years. He writes regularly on IT security education, networking and cloud.