A recent report by Lloyd’s of London predicts that a worldwide cyber attack could result in approximately $53 billion of economic losses, an amount similar to the costs from U.S. Superstorm Sandy in 2012 (Reuters, 2017). In light of this figure and the rise of cyber attacks over the past several months, the call to strengthen cyber security has become loud and clear. Ethical hacking, where someone acts like a malicious hacker (after obtaining permission) in order to identify vulnerabilities in a system, is one means to significantly improve an organization’s cyber security. There is a lot of misinformation, however, about ethical hacking and the people who perform these services. Here are three ethical hacking myths, and why they are incorrect:
- Ethical hackers are not as knowledgeable as malicious hackers. Some “white hat” (ethical) hackers actually used to be “black hat” (malicious) hackers, so there is no difference in ability level (LANInfotech, 2017). According to Cyber Security Intelligence (2017), “Ethical hackers, like any other hacker, may also venture into the dark web to gain intelligence and learn about new exploits.” The main differences between ethical hackers and malicious hackers are their intentions, and whether or not their actions are legal and performed with permission.
- Performing ethical hacking once is enough. On the contrary, it is helpful to perform ethical hacking regularly. SystemExperts CEO Jonathan G. Gossels analogizes this process to an annual physical. His cyber security company “tests clients’ digital defenses on a yearly basis or if there is a change in management” (Milliken, 2017). Analysts evaluate a company’s size and type of information stored when deciding the degree of security needed, and then they search for potential risks.
- It is best to hire an ethical hacker from outside of the company. While there are businesses out there that specialize in contracting cyber security and ethical hacking services, you can equip your own technical professionals with ethical hacking skills by providing training or specialized certification courses (Milliken, 2017). Having people on the inside perform ethical hacking for the company might also feel less risky, though there are pros and cons to either choice.
Despite its advantages, ethical hacking has yet to gain mainstream acceptance, perhaps because of some of these ethical hacking myths. However, organizations looking to cover their bases and ensure their network is secure will benefit from implementing some form of ethical hacking, as it is better for an ethical hacker to find the vulnerabilities before someone else does.
Interested in providing ethical training for your organization’s technical professionals? Check out IEEE’s online training Hacking Your Company: Ethical Solutions to Defeat Cyber Attack.
(2017). White hat vs. black hat hackers and the need for ethical hacking. LANInfotech.
(2017, Jun 5). Ethical hacking can beat black hat hackers. Cyber Security Intelligence.
Barlyn, S. (2017, Jul 17). Global cyber attack could spur $53 billion in losses: Lloyd’s of London. Reuters.
Milliken, K. (2017, Jul 17). Ethical hacking: At WPI, a search for computer vulnerabilities. Telegram.