Thursday, 21 August 2014

Here's why every organisation needs an ethical hacker


By 

Protecting sensitive information should be every business’ number one priority, especially when high-profile data breaches are becoming increasingly common. But what can organisations do when cyber-attacks become more and more sophisticated and hackers are able to steal 1.2 billion username and password combinations? Well, as the well-known adage says “the best defence is a good offence”, so it’s time to recruit your in-house (ethical) hacker, if you want to keep your data safe.

Ethical Hacking from a company’s perspective

Every organisation is different; with different goals and objectives, different ways of operating, different websites, and of course different potential vulnerabilities.

By definition “an ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit.” The process of performing such attacks is called penetration testing and it allows companies to remediate critical vulnerabilities.

Tests like this are quite costly, normally starting from around £2,000 for a small company and increasing in proportion with the size of the organisation. These expenses are often hard to justify, especially for those who do not understand the magnitude of potential damages caused by a security breach.

Do you know the average cost of an attack? According to IDG Research a single hack can cost your small or medium sized business up to £600,000 before mitigation even begins. Not to mention the damage to brand reputation.
Photo courtesy of chanpipat/Freedigitalphotos.net

Hire a hacker to protect you

It’s better to be safe than sorry, now is the time to get an ethical hacker on board. But bear in mind that penetration testing is sensitive work and you need to be confident about who you are dealing with.

A Certified Ethical Hacker (CEH) is an expert in the fields of penetration testing, as well as everyday network and application security. They will be able to perform session hijacks, SQL injections, mobile platform hacks and other critical tasks to discover your network’s weak spots, including physical security, such as access to server rooms.

Tools, trick and techniques for future ethical hackers

Do you think your organisation could benefit from having an ethical hacker on board? Then why hire someone external, develop your own ethical hackers instead. The CEH course will teach your employee(s) the most up-to-date techniques to hack into the latest operating systems, such as Windows 8.1. They will learn practical skills, enabling them to thoroughly test your systems and ensure that vulnerabilities are patched.

Retrieving malware directly from hosting locations, tracking devices through Wi-Fi or Bluetooth or improving penetration test effectiveness – these are all possible with the help of some of these new tools, introduced at Black Hat USA 2014.

Are you interested in more of the latest methods and ways to protect against hackers? Don’t miss out on the European edition of Black Hat 2014, this October in Amsterdam.

Will you wait until it’s too late?

According to Katy Reynolds, a security consultant for Context Information Security, “there is a tendency for companies to bury their heads in the sand as no one wants to believe they are vulnerable to hackers or identify that money must be spent to fix potential problems,” which often brings devastating results.

What will your company do?

About the Author:       
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.