Ethical Hacking: The Oxymoron That Could Save Your Business
We have wanted to write about this touchy subject for a while now – Ethical Hacking and why companies should be getting their networks checked by Westprime.
‘Penetration testing’ has been a reality in the corporate world for longer than many realise (who else saw ‘Sneakers’ in the theatres?). However, it has generally been beyond the reach of small businesses. This has only become a problem fairly recently, as there was a general sense that small and mid-sized businesses made poor targets for malicious hackers – they didn’t have huge amounts of money on hand to pay ransoms (or to steal), and their data itself was not considered particularly tempting.
But as I said, that was yesterday. Today, even small businesses are reporting hacks, penetrations and unauthorised accesses of their data in record numbers, and many a small trader has had to close for good, either because of a direct loss or a loss of reputation caused by such a hack.
The reality is that there has been a need (if not a conscious demand) for ‘penetration testing’ – good-guy hacking – at the SME level for years.
James Kettle – The Bug Hunter – A BBC profile
The term hacker is often used pejoratively, but the ability to spot weaknesses in companies’ software and cyber-security systems is in high demand. Ethical hackers are now earning big bucks and the industry is growing.
James Kettle is a bug hunter – not of the insect kind, but of software.
He scans through pages of code looking for mistakes – weaknesses that criminals could exploit to break into a company’s network and steal data.
His computer science degree was a little slow-paced for his tastes so he looked around for something else to do and came across “bug bounty” programmes run by Google and browser maker Mozilla.
These are schemes that pay cash to hackers for spotting mistakes, or bugs, in companies’ software.
“They really made you work hard for each one and it took about 50 hours per valid bug I found,” he recalls.
The payoff, apart from the cash, was that he was struck by an insatiable desire to keep finding flaws in code. And this eventually turned into a lucrative career.
And he’s very good at his job.
What you need to find bugs
- Insatiable curiosity
- Solid technical expertise in web and networking technologies
- Patience and dedication
- Puzzle-solving abilities
He’s now one of the top-earning bug finders on HackerOne, a service that matches hackers with companies and governments looking for experts to test their software.
These elite ethical or “white hat” hackers can earn more than $350,000 (£250,000) a year. Bug bounty programmes award hackers an average of $50,000 a month, with some paying out $1,000,000 a year in total, say industry insiders.
Finding a bug that has never been found before is very rare and can lead to significant payouts, perhaps in the hundreds of thousands.
Mr Kettle works for software company PortSwigger, which makes the Burp Suite tool that many hackers use to probe websites to see if they are ripe for exploitation.
“I find new ways of hacking into websites and automating that, and I use bug bounties to prove my new techniques work,” Mr Kettle tells the BBC.
“It’s fun and challenging.”
Most software contains mistakes because it’s been written by fallible humans, and criminals are constantly scanning code for these vulnerabilities, often using automated tools.
So it’s a race to find these weaknesses before the bad guys, or “black hat” hackers, do.
But the risk of not doing enough to find these vulnerabilities is a potential hack attack resulting in stolen data, financial loss and damaged reputation. According to a recent report by security firm Nuix, 71% of black hat hackers say they can breach the perimeter of a target within 10 hours.
Perhaps it’s time more hackers came in from the cold?
West Prime Certified Ethical Hacking Qualification
The good news is that there is finally a programme to give a CEH (Certified Ethical Hacking) qualification, and there are finally Ethical Hackers – data security experts able to target your computer systems at your request and with your permission – in order to discover any critical weaknesses in your security.
The process is at once simple and terribly complex.
The white-hat hacker, or penetration tester, takes on the role of a data thief, malicious hacker or other digitally savvy ne’er-do-well, and uses all of the ‘tricks of the trade’ to try to penetrate your local or remotely stored data.
At this point, I should say that none of this involves typing furiously as pages of serious-looking green text scroll by on the screen, and I have never once raised my hands in the air and shouted “I’m in!”
…ok, maybe once or twice…
Yes, Westprime offers penetration testing now.
So, as you might have guessed from all this, Westprime now offers ethical hacking and penetration testing, among our other security and data protection services. I myself can add Certified Ethical Hacker to my list of titles, and your business, no matter how large or small, can know for certain whether your security is really strong enough to shrug off a skilled and determined attack.
Get in touch with us about any of your IT needs, from ethical hacking to website development. We are certain to help – call 01656 808002 or send a message via the Contact Form.