Monday 2 November 2015

5 Traits of an Ethical Hacker


Nowhere does the ‘it won’t happen to me’ mentality have greater repercussions than with Internet security.

According to a report from the Center for Strategic and International Studies, hackers cost businesses US$445 billion every year from cyber theft. From the Ashley Madison leak, whose hackers released login information on 32 million users of their infidelity network, to Target, Home Depot, and even Sony a year after the fact, no company is immune to a cyber-attack.

The way we think about modern hackers is outdated and naïve. Attackers aren’t holed up in a dirty basement with a stack of Mountain Dew cans; modern hackers are bold, charismatic and effective because the art of foiling security measures means tricking people into being trusting. As a result, the need and market for reputable ethical hackers – professionals who attempt to breach systems for the purpose of auditing, testing security, and shoring up virtual defenses – has never been higher.

Your information is more at risk than it’s ever been, and because of that, the need for quality, reliable ethical hackers is high. A strange term indeed, an ethical hacker is someone who legally tests an organisation’s cyber defenses and examines how, where, and when an attacker could infiltrate a network. These are individuals who use skills in programming, coding, and penetration to build a strong cyber defense rather than destroy one, thus safeguarding an organization’s information.

The following examples outline five core responsibilities of an ethical hacker:

1. Thoroughly test all aspects of a company’s security

Because attacks are often unpredictable, a good ethical hacker must be consistent in scheduling security measures and following protocols to ensure there aren’t any unaccounted vulnerabilities. The process typically includes:

•    Reconnaissance, or digging through all available public data – including search engines, social media, and company websites – to try and find vulnerabilities;
•    Scanning, or specifically testing to find access through vulnerable ports in the network;
•    Enumeration, or pulling a full list of users on the system; and
•    Hacking, where passwords are stripped from the enumerated list and hashed.

This process then needs to be repeated multiple times, on different systems with different variables to make sure every potential weakness is identified. The hacker would then produce a report for the company outlining their vulnerabilities and the steps needed to secure them.

2. Practice constantly in virtual environments


Any ethical hacker worth their salt is not only constantly testing their network systems, but is also creatively anticipating future attacks. Many attacks are the result of lazy IT people or unsuspecting employees who offer up private information to a suave hacker; in fact, it is the end user who installs 70 per cent of all malware. Ethical hackers combat attackers by constantly practising within virtual environments and keeping their network consistently up-to-date on anti-viruses, firewalls, and more.

3. Stay informed on current trends


As technology develops, the ecosystem of Internet security is constantly changing, and ethical hackers must stay current on new viruses and methods of attack. Fortunately, several online education platforms offer up-to-date ethical hacking courses at a fraction of the cost of traditional education. Such courses provide the needed skills to thwart hackers’ efforts and help aspiring ethical hackers receive their certification.

4. Look out for red flags


If you’ve ever spoken about the topic of security with a poor college student, you’ve heard them repeat a common joke: “If a hacker wants my bank account info, they can have it; I don’t have anything to steal!”

However, the mentality that hackers are only after financial information is frankly untrue. Many average consumers aren’t aware that attackers are often more interested in hijacking your computer’s capacity to create a botnet and launch an attack on a larger network, unbeknownst to the owner of the computer. Ethical hackers must be able to recognise seemingly innocuous symptoms – such as slow networks, disc drives randomly opening, heavy drive activity and unsolicited computer restarts – as red flags of larger issues.

5. Only hack when given permission


While this seems obvious, perhaps the most important trait of an ethical hacker is that they are ethical. First, good ethical hackers never hack a network without permission. Up-and-coming programmers may think it heroic or impressive to prove their worth to a company by seeking out vulnerabilities on their own, but this practice is reckless. True ethical hackers are not vigilantes, and don’t perform self-motivated, black-hat work. If all an ethical hacker’s efforts aren’t focussed on the security of the company they are working for, their motivations are in the wrong place.

In the world of cybersecurity, the simple fact is that the best defence is a good offence. Unfortunately, many IT professionals struggle with the harsh reality that when it comes to cyber attackers, they can’t stop them; the job of an ethical hacker is to slow them down. Attackers will never stop attempting to infiltrate networks; on the other hand, trained and watchful ethical hackers can help prevent many disastrous outcomes. Ethical hackers are the frontline defence against cyber attacks, and are a resource that, in today’s digital landscape, is an absolute necessity.
