Anatomy of an #ethical #hacker: What it takes to #operate on the #frontlines of #cybersecurity

The perceived vision of a hacker – anti-social and geeky – is becoming increasingly inaccurate.

Modern hackers are social, curious, adaptable and motivated – either by inquisitiveness, the desire for financial gain, to influence politics or even to just embarrass their target

But, while they increasingly belong to professional and organised criminal groups, it would be a mistake to assume all hackers operate on an illegal basis.

What is an ethical hacker?
When we say ‘hacker’ the image that is often conjured is that of the Black Hat hacker, a criminal who steals or manipulates data. However, there is another category.

Opposing their criminal counterparts, ethical, or White Hat, hackers are individuals that use their technological skills to breach, and then help resolve vulnerabilities in cybersecurity measures rather than exploit them.

Ethical hackers use the same methods and techniques as Black Hats to test and bypass a system’s defences.

Rather than taking advantage of any vulnerabilities found, they document them and provide advice on how to fix them.

These gaps tend to be found in poor or improper system configuration, hardware or software flaws, and operational weaknesses in process or technical countermeasures.

A successful test doesn’t mean a network or system is 100 percent secure, but it should help it withstand automated attacks and unskilled hackers.

In order to do find those vulnerabilities, there are a number of different techniques and methods an ethical hacker can use to break through – just like the bad guys would:

  • They monitor a company to understand what data is created or collected and where any sensitive data resides
  • Test existing defences to see if they can find a way through, this could be via open ports or finding out of date security patches
  • Go through physical and digital bins for charts, passwords and any sensitive data that can be used to launch an attack – otherwise known as dumpster diving
  • Look over someone’s shoulder (shoulder surfing) to view what they are typing, which could be sensitive information such as credit card details

The key thing to remember is that these are some of the exact techniques a criminal would use in order to gain access to a company or individual’s most sensitive details. It’s this kind of insight and expertise that makes ethical hackers so valuable.

More than just a hacker

Much like Black Hat hackers, ethical hackers can be motivated by a number of different things.

These motivations can range from a sense of working toward the greater good, seeking professional kudos, being directly employed by an organisation or responding to a request.

For many organisations, ranging from American Airlines and Google to Apple and the US military, it has become increasingly common to place ‘bug bounties’, which entails challenging the public to identify vulnerabilities in their systems and report them for a reward.

These bounties can help incentivise Black Hat hackers to ‘turn a new leaf’ and use their talents for legal purposes.

For individuals interested in becoming ethical hackers, there are several avenues available to them.

They could work on a freelance basis, look for permanent employment within an organisation, or set about gaining official qualifications to demonstrate their skills.

A number of institutions, such as CRESTMile2SANS Institute and the EC-Council all conduct tests and award qualifications to attest to an ethical hacker’s skills.

In an increasingly competitive industry, these certifications are useful for businesses when determining the validity and expertise of a hacker, and are a crucial step for hackers to be considered ‘legitimate’.

As the cyber landscape becomes increasingly volatile, private enterprises and public organisations know that they need to bolster their cyber defence.

And while there are several different technologies that are valuable, White Hats are now being recognised as a powerful tool to add to an organisation’s arsenal.

Hiring or utilising an ethical hacker to maintain a constant vigil against cyberattacks is the next frontier of defence for organisations, as they understand how criminal hackers operate, and what data they will target.

This unique knowledge and expertise leads many ethical hackers to become an important part in the security of their organisations.