BreachExchange mailing list archives

Rise of the ethical hackers


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 5 Feb 2016 12:28:01 -0700

http://www.itproportal.com/2016/02/05/rise-of-the-ethical-hackers/

Data is one of our most valuable commodities, helping organisations better
understand their customers, spot trends and work more efficiently in
real-time. TalkTalk was just one of last year’s big names that learnt the
hard way what can happen if you leave your customer data unprotected, with
losses resulting from its data breach estimated at £30m to £35m. Companies
can often feel daunted by the sophistication of malware that brings
financial losses such as this, not to mention the damage to trust and
reputation it can cause. Even powerful government networks are being taken
down by third-party DDoS (Distributed Denial of Service) attacks. However,
arming your business with the right means to protect itself can often be
simpler than you think.

The most vulnerable point of access to any company is its employees.
Whether this is a piece of software that hasn’t been recently updated, or
an employee’s mobile phone or smart watch, each of these represents a
potential access point into the corporate network. Even simple things like
logging onto public Wi-Fi networks with your company laptop or smartphone
to stream the latest episode of Homeland could be putting an entire
organisation’s IT infrastructure at risk. IT security shouldn’t just be the
priority of the CSO or IT department; it should be a priority for all, from
the CEO to the receptionist.

This is where the skillset of ethical hacking can make a real difference to
a business. Ethical hacking is essentially where someone uses the
techniques of a malicious hacker to identify the weak points in an
organisation’s cybersecurity, and uses that knowledge to improve its
defences. However, ethical hacking doesn’t just cover this kind of
penetration testing. With the right skills in place, ethical hackers can
advise businesses on all aspects of digital security, and make the
organisation much more resistant to attacks. This advice can range from
showing programmers and app developers how to make their code harder to
hack, to providing other members of staff with advice on choosing passwords
that are harder to guess, or how to not fall for phishing emails. It’s
clear that having access to a qualified ethical hacker is becoming an
increasingly important part of how firms protect themselves from malicious
external attacks. Google even has its own team of dedicated ethical
hackers, and rewards people who spot vulnerabilities in its products, as it
did with a Russian hacker who spotted a flaw in YouTube.

According to Pluralsight author and industry expert Dale Meredith,
there is currently a massive skills gap in this space, with the Information
Systems Security Certification Consortium (ISC2) claiming there will be a
shortage of 1.5 million trained professionals by 2020. Clearly, given the
growing importance of security and ethical hacking as a skill set, this is
a worrying trend, and could leave many businesses more vulnerable to
attacks. However, as ethical hacking as a concept becomes more widely
known, there are greater opportunities for upskilling IT staff already in
the organisation, and recruiting new employees that have these skills.

This is where the IT department can empower all staff to protect the wider
business. The first step is ensuring existing staff have the right tools
and learning programmes available to upskill on ethical hacking. While
there are a number of training courses out there, it’s not enough to just
send someone on a day-long course. Ethical hacking is a constantly changing
area, and it is far more effective for learners to have access to an online
course where they can keep refreshing their knowledge as new threats emerge.
At the same time, this on-demand approach much more closely matches how IT
professionals want to learn – learning at their own pace in any location.

Security shouldn’t end with the IT department, which should work with the
HR department to help raise awareness of these security issues and bridge
the knowledge gap. As PwC revealed in a recent study, 34 per cent of
compromises in an organisation’s cybersecurity originate from employees
themselves, whether maliciously or not. As a result, it is critical for
every employee to know how to prevent themselves from putting the company
at risk, whether it is through a weak password, clicking on an unsafe link
or using an unauthorised personal device in the office.

If 2015 has taught us anything, it’s that cyberattacks are here to stay. As
attacks become increasingly sophisticated, the skillset of employees should
follow suit. It is vital that businesses look to understand the threats
that are out there and are prepared to arm themselves with the right skills
to better protect the whole company.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
