Should Companies Hire a Hacker to Protect Their Networks?
The rise of “White Hat” ethical hackers
Companies hire outside accounting firms, attorneys and engineers—some even hire ethical hackers to break into their computer systems. Called “White Hat” hackers, these cybersecurity professionals use their power for good, to probe networks for vulnerabilities.
What are ethical hackers?
White Hat hackers set up myriad simulated threats that mirror cybercrime activity. In many cases, exercises to penetrate a company’s network are carried out without the knowledge of employees. The idea is to test staffers’ readiness in responding to potential threats. Tasks aren’t limited to hacking into someone else’s system. All kinds of security gaps could be exposed.
A tester could put on a delivery uniform and see how far he could get inside a data center, or drop a USB drive in a common area and see if someone plugs it in to see what’s on it, potentially unleashing a virus. Various hacking tools can be deployed to crack passwords to try to get administrative privileges, or launch denial-of-service attacks.
Sending phishing emails is another way to test vulnerabilities.
Recently, a client forwarded an email to my marketing company. The communication had a threatening subject line, and the content accused the client’s company of illegally using a copyrighted image on its website. There were two links of “evidence” in the body of the email. Fortunately, the client did not download the link content. My security system identified viruses. I immediately contacted the client and advised them not to click on any links and to urgently contact their IT department for a full virus scan of their system.
Point being, sometimes humans unknowingly import viruses. Part of a good security protocol includes identifying phishing emails and training staff not to open files, click links or download files from unknown sources. This can be a task for a White Hat cybersecurity team.
Why hire a hacker?
In a climate where data breaches are an ever-increasing, and potentially devastating, threat to businesses, White Hats are an appealing prevention method.
In 2015, IBM raised some eyebrows when it hired 1,000 security specialists, many to do penetration tests, or “pen tests,” to see if they could gain access to IBM’s own secured networks. Today, the practice of hiring ethical hackers, either as part of an internal IT team or as a service, is becoming commonplace.
The major reason for hiring White Hats is to have people on the team who are trained hackers, using the same logic and tools as bad actors. Staying a step ahead of criminal hackers could not only save a business from devastating costs but also protect the company’s reputation.
eSecurity Planet has a good curated list of top cybersecurity companies working with businesses of different sizes. It is a good place to review services offered and form a list of questions to ask when hiring outside security consultants.
How popular is hiring White Hat hackers?
In an Inc. survey, 21 percent of high-ranking executives from the country’s top 5,000 companies said they have hired an external team to break into their own systems as a security measure. The majority—87 percent—found the exercise worth the time and expense. Though costs can vary widely depending on company size and complexity, a business with $4 million in revenues can expect to pay between $15,000 and $20,000 to have hackers test systems and security protocols every two years to improve a company’s chances of finding vulnerabilities.
Think only big companies are targets for cyberattacks? Hackers are attracted to smaller companies that may have weaker online security or use cloud services that don’t employ strong encryption. These factors make easy pickings for bad actors looking to steal valuable company data.
A booming job field
Bad actors continually come up with new ways to hack into company systems. Well-publicized breaches have elevated attention to the problem. While malicious hacks are felonies in the U.S. and most countries around the world, catching bad actors takes the same technical skills the attackers use.
Certified Ethical Hacker (CEH) is a relatively new computer certification a person can obtain to work in this area of network security. Technical training is combined with an ethical oath to work on the legal side of hacking to identify vulnerabilities and create pre-emptive countermeasures to protect systems.
To say this sector of IT security is a fast-growing field would be a vast understatement. The New York Times reported there will be 3.5 million open cybersecurity jobs across the globe in 2021. The U.S. Bureau of Labor Statistics (BLS) projects job growth at a rate of 28 percent for the decade ending in 2026. This is far greater than job growth of 7 percent projected for all professions combined. The median annual wage for IT security analysts, as of 2017, was about $95,000, according to the BLS. This figure can vary based on experience and location.
A multipronged approach
Ethical hacking is just one approach businesses should be employing to keep their data and their customers’ data secure. In the end, it is more cost-effective for businesses to be proactive than to have to contact customers to alert them to a security breach.