How Ethical Hacking Can Improve Your Security Posture

Cyber security professionals tend to see threat actors and other outside parties purely as adversaries. That mindset is worth challenging: you can protect your organization against outside parties far better if you understand how they think and operate. With this in mind, businesses around the globe have turned to hackers to test their security infrastructure and to develop stronger, more robust security practices.

Before deciding which penetration testing strategy is right for your security policy, it is important to understand the different types of hackers that exist.

Each group has different motivations, and you must be clear on which of their skills can be used to your organization's advantage.

Unauthorised Hacker

Unauthorised hackers are cyber criminals motivated by personal or financial gain. They range from teenage amateurs to experienced individuals or teams with a specific remit. Over recent years, however, several high-profile unauthorised hackers have refocused on using their skills to protect organizations. An example is Kevin Mitnick, aka Condor, who was just sixteen years old when he gained unauthorised access to Digital Equipment Corporation's computer network. Following this and numerous other intrusions, Mitnick spent roughly five years in prison. Upon his release, he set up his own company, Mitnick Security Consulting, which now runs penetration tests for clients.

Whether to work with a former unauthorised hacker is a contentious question. Some, including David Warburton, senior threat evangelist at F5 Networks, believe that hiring ex-hackers is critical to staying ahead of the threat landscape. Others are uneasy about giving this group access to corporate systems and customer data. The latter group should, however, consider the other approaches to working with hackers described below.

Authorised Hacker

Often referred to as ethical hackers, authorised hackers are engaged by organizations to look for vulnerabilities in their security defences. Although they use the same tactics as unauthorised hackers, this group has explicit permission from the organization, normally with an agreed scope and rules of engagement, which makes what they do legal. They use their knowledge to find ways to break the defences, then work alongside security teams to fix the issues before anyone else discovers them.

Many of the biggest organizations in the world, including General Motors and Starbucks, are turning to ethical hackers to help identify weak points and proactively improve their security posture. Authorised hacking can offer an interesting and lucrative career path for people with technical skills. Drawing attention to the important role authorised hackers play can encourage more talented individuals to take that path instead of becoming unauthorised hackers.

Nurturing Talent

There are many programmes in place to find, encourage and support the next generation of authorised hackers. One example, supported by AWS, is r00tz Asylum, a conference dedicated to teaching young people how to become ethical hackers. Attendees learn how hackers operate and how cybersecurity experts defend against them. The aim is to encourage people with technical expertise to use it for good in their careers. Aspiring cybersecurity professionals who are equipped with this knowledge and these skills can bake security into infrastructure from the ground up. AWS's support for r00tz is our chance to give back to the next generation, providing young people who are interested in security with a safe learning environment and access to mentors.

Building On Solid Foundations

For those responsible for maintaining customer trust and protecting data, an end-to-end approach to security is critical. As we have seen, working with ethical hackers is a powerful way to view your security posture from a cyber criminal's perspective and to identify and tackle vulnerabilities. It is also important to remember, however, that security needs to be built in throughout an organization's infrastructure. This is where partnering with a cloud platform can be beneficial; the best of these are developed to satisfy the needs of the most risk-sensitive organizations. Cloud platforms also offer automated security services for security assessment, threat detection and policy management.

In so doing, these platforms take on a lot of the heavy lifting for security professionals, including ethical hackers. Automation does not replace a penetration test, though: a test exercises the assumptions behind those controls, which is exactly what an automated service cannot do for itself.

Esteban Hernández is a Specialist Solutions Architect, Security at AWS
