The word ‘hacker’ rightly fills the business world with dread…
And this perception has only been reinforced in recent years following a series of high-profile news reports which exemplify the reputational and financial damage hackers reap.
The importance of these stories is constantly climbing the news agenda.
Last week, a cyber security researcher widely credited with helping to neutralize the global “WannaCry” ransomware attack earlier this year was arrested on unrelated hacking charges.
Which raises the question: “Can hackers ever serve a useful purpose?”
Here, the managing director of Manchester-based cyber security business Paul Harris gives his professional opinion on this topic.
Can hackers ever work for the benefit of business?
The short answer is “yes”. At Secarma, we employ “ethical” hackers to test systems and applications and identify weaknesses, using the same techniques and methods used by hackers.
Secarma’s team of 50 world class hackers regularly find and disclose serious flaws in security for a diverse range of clients including major brands and large multi-nationals.
High quality experts in this field are a rare commodity as their skills are in extreme demand.
Our commitment to educating the next generation of cyber security professionals means that we have several professionals at the start of their career.
Secarma is currently recruiting more ethical hackers as cyber-attacks increase in volume and complexity.
The fact that we have grown our consultant roster and retain many of our staff is testament to the quality of our company.
By having such a large staff distributed across various cities around the world we are able to provide a full and continuous service for our clients.
Are hackers targeting SME’s due to them being more vulnerable?
Everyone is a target. The rewards for targeting a multi-national are possibly greater than targeting an SME; however they will likely have a more mature security estate and greater resources with which to track down an attacker.
SMEs make an inviting target as their level of security is often much lower and this is demonstrated in the fact that 74% of all hacked companies are SMEs.
Budget constraints and lack of board-level awareness often mean that security is not a top priority.
In addition, SMEs are very often part of the third-party supply chain meaning that a multi-national may be compromised by an attack which initially began on an SME.
What preventative measures can companies take to protect themselves from being hacked?
There are a whole raft of measures businesses can adopt, but there really is no silver bullet in cyber security.
The key to success is planning and diligence alongside appropriate levels of investment in defensive technology and consultancy.
First and foremost, get the basics right.
Ensure that systems are fully patched, train staff in anti-phishing techniques, conduct a review of what access staff have to systems – based on their job role, and enforce a strong password policy.
Also make sure to review firewall rules based on your business’s needs – this can filter out a lot of malicious traffic before it even reaches your network.
If you’re serious about security then you should engage a cyber security company to simulate an attack and
test both your systems and your response.
Complacency is the enemy in cybersecurity.
Don’t assume it will only happen to someone else, that’s not an acceptable security policy these days.
Have a cybersecurity policy and stick to it, with someone who’s responsible and passionate about security inside your business enforcing it.