How Ethical Hacking Can Improve Your Security Posture

Uploaded on 2021-11-11 in TECHNOLOGY--Hackers, FREE TO VIEW

Cyber security professionals see some threat actors or outside-parties as adversaries. However, challenging this mindset is important; you can better protect your organization against outside-parties if you understand how they think and operate. With this in mind, businesses around the globe have turned to hackers to test security infrastructure and develop stronger, more robust security practices.

Before deciding which penetration testing strategy could be right for your security policy, it is important to understand the different types of hackers that exist.

Each group has differing motivations, and you must be clear on which of their skills can be used to your organization’s advantage. 

Unauthorised Hacker 

Unauthorised hackers are cyber criminals motivated by personal or financial gain. They range from teenage amateurs to experienced individuals or teams with a specific remit. However, over recent years, several high-profile unauthorised hackers have refocused on using their cyber skills to protect organizations. An example is Kevin Mitnick aka Condor, who was just sixteen years old when he gained access to a Department of Defence computer.  Following this and numerous other hacks, Mitnick spent five and a half years in prison. Upon his release, he set up his own company, Mitnick Security Consulting, which now runs penetration tests for clients. 

The issue of whether to work with a previous unauthorised hacker is a contentious one. Some, including David Warburton, senior threat evangelist at F5 Networks, believe that hiring ex-hackers is critical in staying ahead of the threat landscape. However, others are concerned about allowing this group access to corporate systems and customer data. The latter group should, however, consider other approaches to working with hackers.  

Authorised Hacker

Often referred to as ethical hackers, authorised hackers are employed by organizations to look for vulnerabilities in security defences. Despite using the same tactics as unauthorised hackers, this group has permission from the organization making what they do entirely legal. While they use their knowledge to find ways to break the defences, they then work alongside security teams to fix issues before others discover them.

Many of the biggest organizations in the world, including General Motors and Starbucks, are turning to ethical hackers to help identify fault lines and proactively enhance security posture. Authorised hacking can offer an interesting and lucrative career path for people with technical skills. Drawing attention to the important role authorised hackers play can encourage more talented individuals to take a positive path instead of becoming unauthorised hackers.

Nurturing Talent

There are many programmes in place to find, encourage and support the next generation of authorised hackers. An example, supported by AWS, is r00tz Asylum, a conference dedicated to teaching young people how to become ethical hats. Attendees learn how hackers operate and how cybersecurity experts defend against hackers. The aim is to encourage people with technical expertise to use it for good in their career.  By equipping aspiring cybersecurity professionals with knowledge and skills, they can bake security into infrastructure, from the ground up. AWS’s support for r00tz is our chance to give back to the next generation, providing young people who are interested in security with a safe learning environment and access to mentors.

Building On Solid Foundations

For those responsible for maintaining customer trust and protecting data, an end to end approach to security is critical. As we have seen, working with ethical hackers is a powerful way to view security posture from a cyber-criminal’s perspective to identify and tackle vulnerabilities. However, it’s also important to remember that security needs to be baked in throughout an organization’s infrastructure. This is where partnering with a cloud platform can be beneficial; the best of these are developed to satisfy the needs of the most risk-sensitive organizations. Cloud platforms also offer automated security services, which can proactively manage security assessments, threat detection, and policy management.

In so doing, these platforms take on a lot of the heavy lifting for security professionals, including ethical hackers.

Esteban Hernández is a  Specialist Solutions Architect, Security at AWS

You Might Also Read:

The Value Of Network Pen Testing To Reduce Cyber Attacks:

 

« REvil Ransomware Gang Leaders Arrested in Poland
Microsoft Gets Serious About Dealing With The Skills Shortage »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

UCD Centre for Cybersecurity and Cybercrime Investigation

UCD Centre for Cybersecurity and Cybercrime Investigation

UCD Centre for Cybersecurity and Cybercrime Investigation is Europe's leading centre for research & education in cybersecurity, cybercrime and digital forensics.

BetterCloud

BetterCloud

BetterCloud puts IT in control of the modern workplace through user lifecycle management, data discovery, and IT and security automation purpose-built for SaaS.

CRYPTTECH

CRYPTTECH

CRYPTTECH specializes in Information Security and Intelligence, Risk Evaluation and Vulnerability Recognition against Cyber-Attacks and APTs.

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference is a non-profit, annual, information security conference located in Halifax, Nova Scotia, Canada.

Infosec Global

Infosec Global

Infosec Global provides technology innovation, thought leadership and expertise in cryptographic life-cycle management.

apiiro

apiiro

apiiro invented the industry-first Code Risk Platform™ that uses developers and code behavior analysis to accelerate delivery and automatically remediate product risk.

ContraForce

ContraForce

ContraForce is a threat detection and response software providing complete visibility across cloud, network, endpoints, user, and email with the ability to target and block threats in real-time.

DoQubiz Technology

DoQubiz Technology

DoQubiz is using the idea of security through obscurity to develop their proprietary Fractal Security Engine that implements a highly resilient data protection protocol.

Charles IT

Charles IT

Charles IT is your friendly, no-nonsense IT team focused on helping companies make their technology work for them. We focus on building relationships that deliver results.

Sentra

Sentra

Sentra is focused on improving data security practices within the cloud, mitigating the risks of damaging data leaks by providing comprehensive visibility into critical data assets.

RecoLabs (Reco)

RecoLabs (Reco)

Reco empowers organizations to discover their SaaS applications, identities, and data, control access and prevent the risk of exposure.

Bastion Networks

Bastion Networks

Bastion are a security-focussed managed solution provider and consultancy. We work with advanced cyber security vendors to produce managed security solutions to protect from online threats.

Vultara

Vultara

Vultara provides web-based product security risk management tools for electronics manufacturers.

Mesh Security

Mesh Security

Mesh Security transforms security data, tools, and infra for enterprise-wide visibility and control.

AI EdgeLabs

AI EdgeLabs

AI EdgeLabs is a powerful and autonomous cybersecurity AI platform that helps security teams respond immediately to ongoing attacks and protect Edge/IoT infrastructures.

TrustFour

TrustFour

TrustFour is a pioneer in workload and non-human identity security, providing innovative solutions for compliance, remediation, post quantum resiliency, and advanced threat defense.