Not all hackers are criminals. In fact, ethical hackers – security experts who infiltrate networks and computer systems with authorization from their owners – are increasingly being hired to identify vulnerabilities in cyber security systems and to help organizations stop cyber crime before the attacks happen.
The need for ethical hackers is rising alongside increasing waves of cyber crime. According to Accenture’s recent State of Cybersecurity Resilience report, cyber security attacks grew 31% between 2020 and 2021, with organizations receiving 270 attacks in 2021. IBM’s “Cost Of Data Breach Report,” published last year, found that such breaches cost businesses an average of $4.24 million USD, the highest recorded in the report’s 17-year history.
According to Indeed.com, an ethical hacker’s job consists of three main roles:
- Assessing security: Periodic assessments that include seeking vulnerabilities and suggesting ways to reduce risks
- Threat modeling: Identifying what areas to focus on when securing the system (evolves alongside new applications and circumstances)
- Documentation: Reporting findings with clear, well-written documentation
Ethical Hackers Say Industrial Sector Must Evolve on Cyber Security
One area where ethical hackers are increasingly needed is the industrial sector. As ComputerWeekly reported, a team of ethical hackers from the Netherlands recently won the Pwn2Own international hacker contest for spotting weaknesses in a number of industrial control systems. With the industrial sector currently undergoing a digital revolution, such vulnerabilities could potentially unleash wide-scale security breaches.
The ethical hackers, Daan Keuper and Thijs Alkemade, who won the same contest last year for identifying weaknesses in a widely-used teleconferencing platform, unearthed five vulnerabilities in applications used to manage systems or control communication. What they discovered revealed that the industrial sector’s tradition of separating IT and OT networks is no longer sustainable, since machines and equipment in a digitized industrial controls system will all be connected.
The industry will not easily solve this problem. Many of today’s machines and much of its equipment are old and ill-equipped to handle modern security needs. Moreover, the IT network typically acts as the primary security source. Once breached, the OT network vulnerabilities make it “relatively easy to take over machines, modify processes or bring the whole thing to a standstill – with far-reaching consequences,” Alkemade told ComputerWeekly.
Keuper compared current security strategies to a castle surrounded by a moat, wall, and gates.
“That works really well if you only have one or two drawbridges, because you can guard them well,” he said. “But in today’s digital networks, you have like a thousand drawbridges. That’s impossible to monitor or secure.”
What can the industrial sector do to make its networks more secure? According to Alkemade and Keuper, IT and OT network professionals must start working together to better understand security needs. Because IT and OT have conflicting interests, with IT prioritizing confidentiality and OT prioritizing availability, the hackers concluded that this will require the industry’s culture to evolve.
As systems and networks become more connected, cyber crime is guaranteed to get worse. Is your organization aware of all the potential vulnerabilities in its network? Consider hiring ethical hackers or training your technical team to find them.
Supporting IT Departments
Designed to help businesses understand the weak points in their cyber security infrastructure, Hacking Your Company: Ethical Solutions to Defeat Cyber Attacks is an eight-course program from IEEE. It is ideal for mid/advanced technical professionals across all industries in IT, computer science, and related fields, as well as executives who need a working knowledge of ethical hacking.
Contact an IEEE Account Specialist today to learn more about training your organization using this course program.
Interested in learning more about this topic for yourself? Visit the IEEE Learning Network (ILN) today!
Resources
Loohuis, Kim. (31 May 2022). Industrial systems not safe for the future, say Dutch ethical hackers. ComputerWeekly.com.
Indeed Editorial Team. (17 May 2022). How To Become an Ethical Hacker (2022 Guide). Indeed.
(2021). State of Cybersecurity Resilience 2021: How aligning security and the business creates cyber resilience. Accenture.
While large-scale corporations likely have provisions in place for cyber threats, many smaller enterprises simply believe they’re too small to face cyber attacks, leaving them extremely vulnerable.
Under-investment in skills development coupled with a massive spike in outsourcing for more than a decade has left the industry with a growing shortage of skilled cyber security specialists. There’s now escalating demand for cyber security skills and a shrinking pool of resources – a shrinking pool that is able to demand ever higher rates, making essential cyber security unaffordable for all but the largest and most successful companies.
But before you forego cyber security for your company, consider the alternative.
Devastating Consequences
The consequences of a cyber attack, particularly for small and medium-sized enterprises (SMEs), can be devastating. Loss of revenue is the primary cause of irreversible damage, from the theft of sensitive financial information and loss of suppliers. Subsequently, the costs for recovering and reinstating business could be huge, particularly with the loss of suppliers.
Company reputation is also impacted by a cyber attack. If consumers and suppliers believe cyber security is not a priority, they’ll look elsewhere for services.
And when you consider the potential fines involved, breaches to sensitive consumer information can lead to insolvency procedures for SMEs.
Proper Provisions
Putting the proper provisions in place will help ensure preparedness in the face of a cyber attack. For starters:
- A backup procedure will speed up recovery. If company files are encrypted, it’s easier to restore and get back up and running.
- Updating systems regularly is key to minimizing vulnerabilities in the company’s network. Make sure all computers run on the latest installation process and communicate the necessity for doing so, particularly to staff who ignore update notifications.
- Employee training on cyber security is essential. Accidental clicks on harmful emails are primary entry points for hackers, so staff must be trained in identifying phishing emails.

Ultimately, as breaches become the new norm, a strong cyber security policy will aid in a long and successful future for any size company.
Where to Start with Your Enterprise Security
Get the cyber security training your organization needs now to stay secure. IEEE’s Cyber Security Tools for Today’s Environment is an 11-course cyber security training program designed to help businesses improve security techniques. Register today to get this for your company, or explore our other courses on the subject here.
Following several recent high-profile cyber attacks, it is more critical than ever for organizations to evaluate their cyber defenses and ask themselves a number of basic cyber security questions to assess their vulnerability.
Each year brings new technological developments that improve people’s lives. At the same time, these advances also introduce new cyber security threats and more attack surfaces.
Moreover, dwindling resources, slow budget growth, increasingly hostile threats, the evolution of the Internet of Things, and expanding ransomware are major reasons why it is becoming more difficult to keep up with the changing threat landscape. Such reasons highlight the need for renewed organizational attention to cyber security. Is your organization vulnerable to a breach or cyber attack?
To evaluate readiness, here are some of the cyber security questions every business should be asking.
- Do You Require Employees to Use Strong Passwords?
Weak passwords cause more than half of all data breaches, yet just 24% of small businesses enact policies requiring employees to have a strong password. It is critical to have a strict password policy in place to protect your network.
- Are Your Employees Required to Change Their Passwords Regularly?
Employees must be required to change their passwords regularly to protect data. Nearly 65 percent of businesses do not strictly enforce their password policy, despite having one in place.
- When Possible, Does Your Business Use Two-Factor Authentication?
Wherever possible, you should add an additional layer of data security by enforcing two-factor authentication, such as SMS authentication.
- Are Employees Using Their Personal Smartphones for Work Purposes?
Personal phones and devices significantly increase the chance of malware attacks when employees use them on the office network.
- Do You Back Up Your Files?
A cyber attack can make confidential files completely inaccessible. Protect them by keeping local backups of all critical files and storing copies on an offsite server.
- Does Every Company Device Have Antivirus and Anti-Malware Software Installed?
Make sure your organization installs the most up-to-date versions of antivirus and anti-malware software on all organizational devices, and that they run properly.
- Do You Limit the Number of Employees with Administrative Access to Only Those Who Need It?
Administrative access rights should be assigned sparingly and given only to those employees who absolutely need them to do their jobs. Additionally, employees who are granted admin access must be trained and well-educated on security issues.
- Do You Encrypt Databases and Customer Information?
Without encryption, your organization’s sensitive data and customer information is accessible to hackers. To reduce data vulnerability, take steps to ensure all your information is encrypted.
- Have You Trained Your Employees to Recognize Phishing Emails?
Phishing emails account for nearly half of all cyber attacks, and employees often fail to spot them. It is crucial that every business train its employees not to respond to suspicious emails.
How does your organization prepare to handle a cyber attack? Are you looking for ways to strengthen your organization’s cyber security? If you identified gaps in any of these areas, IEEE provides cyber security and ethical hacking training to help organizations prepare. Learn more about organization pricing and request a quote here.