Today’s digital age is growing more and more vulnerable to the increasing dangers of cyber fraud. Cybersecurity has therefore assumed great importance in the corporate world. In this scenario, the role of ethical hackers has become something of a paradox. IT professionals weighed in on the debate with their views on Tuesday.
In the world of crowd-sourced solutions, the role of an ethical hacker can’t be trivialized, said a spokesperson of iGCB, Intellect Design Arena. In most cases, ethical hackers are ethical unless the engagement team tries to oversmart them or set unrealistic goals. “It is important to interview and have a background check done before engaging an ethical hacker. For this reason, either a firm’s affirmation and ownership for liability and/or community ratings of the professional gives us legal comfort on the engagement.”
According to Niraj Gupta, Director, Macro Computing Solutions Co, some argue that any type of hacking, even with good intentions, could potentially lead to unintended consequences.
Others believe that ethical hackers’ commitment to transparency, legal authorization, and harm reduction makes them demonstrably ethical actors. However, ethical hackers are generally considered ethical because they use their skills to identify and fix security vulnerabilities with the permission of the system owner, aiming to improve overall security.
Ethical hackers are considered ethical because they operate within legal boundaries and with explicit permission, said Mak Samyuthea, Collaboration and Partnership Manager of Enterprises Go Digital. Their goal is to improve security by identifying and fixing vulnerabilities rather than exploiting them for malicious purposes. Ethical hackers typically follow a strict code of conduct and adhere to legal and ethical guidelines.
“Ethical hacking, also known as penetration testing or white-hat hacking, involves authorized and legal attempts to identify and exploit vulnerabilities in computer systems, networks, or applications to help improve their security,” added Mak.
With professionals, there are no dangers as such if the execution is done in a non-production system or environment, said the iGCB spokesperson. “The internal security team along with application and infrastructure teams ensure the logistics are arranged in such a way that the access and information sharing is limited to the scope and objective. A close coordination and monitoring of the target system are done to provide timely intervention if something deviates in the engagement.”
While ethical hacking is generally considered safe and legal when performed with proper authorization, there are potential dangers, continued Mak. Miscommunication or misunderstanding between the organization and the ethical hacker could lead to unintentional damage or data breaches. Additionally, vulnerabilities discovered during ethical hacking might be exploited by malicious actors if not promptly addressed by the organization, he added.
“As a security professional, we condone ethical hackers as they become an extended arm for the security team,” said iGCB. However, the ecosystem must have stakeholders from different backgrounds, especially a specialist in the hacking space to give the engaging firm an advantage of a third eye perspective to simulate a real hacker.
Ethical hacking, when conducted responsibly and with proper authorization, is generally condoned, felt Mak. It plays a crucial role in strengthening cybersecurity defences by identifying weaknesses before malicious hackers can exploit them. Ethical hacking helps organizations stay one step ahead of cyber threats.
Ethical hacking is a valuable practice when conducted ethically, legally and with the proper safeguards in place. It helps organizations protect sensitive information from malicious actors.