There’s a secret to corporate security that may surprise you – get a “white-hat” hacker to expose vulnerabilities in your company’s systems.
A white-hat hacker is a digital security specialist who attempts to break into protected systems and networks to test and assess their security. It’s all about intention: black-hat hackers have a similar skill set, but break into systems to steal data or do damage.
Forward-thinking organisations are recruiting white hats to discover and repair any vulnerabilities – by hacking the systems first.
Needless to say, it’s crucial to find professional white hats your company trusts before granting permissions for network tests. But the results may surprise you – and save your company from disaster.
Here are just three of the ways hacking can improve cyber security:
Hacking exposes holes
White-hat hackers use a combination of vulnerability and penetration-testing techniques to gauge a business’s IT system and flag liabilities – in much the same way a criminal hacker would. Security staff can then analyse results to remediate weaknesses, develop stronger defences and lower overall risk.
Every year since 2012, an alliance of Australian government, business and academic professionals known as CySCA has run a 24-hour hacking competition designed to test technical skills and foster local cyber-security talent. Competitions such as this deliberately target an organisation’s online infrastructure to identify system weaknesses and gauge its exposure to malicious activity.
Hacking adds value
Integrating ethical hacking into existing security initiatives such as internal audits and compliance checks can have the added advantage of providing clients with in-depth security assessments at the same time as recruiting highly skilled individuals.
In early 2016, France’s national state-owned rail company, SNCF, made headlines when it used an online hacking game called The Impossible Challenge as a targeted recruitment tool for white hats to hack its own mainframe. The challenge was a success, with just six of the 11,256 competitors completing all stages.
Hacking is proactive
Hacking allows organisations to get ahead of the problem without inciting panic. Awareness of issues allows IT leaders to make level-headed, long-term security decisions rather than resorting to temporary fixes under pressure in the wake of an attack.
Many websites and software developers offer “bug bounty” deals where participants receive payment and recognition for finding and reporting system vulnerabilities. This year Facebook paid 22-year-old Anand Prakash, a software engineer from India, $US15,000 for informing the company of a bug that allowed access to messages, credit/debit card details, and photographs.
In a report earlier this year, Facebook security engineer Reginaldo Silva said: “Since it launched in 2011, our bug bounty program has received 2400+ valid submissions and awarded more than $US4.3 million to 800+ researchers around the world.”
Cyber security has become a business risk, not just an IT risk.