The global cost of cybercrime could reach £4.9 trillion annually by 2021, according to a recent report from Cybersecurity Ventures. Cyber crime incidents continue to plague organizations globally, even as businesses pour money into boosting their security.
But how do businesses deal with vulnerabilities they cannot identify? It only takes one smart hacker to discover a backdoor and get access to your sensitive data and systems. Organizations must identify the weaknesses in their cyber security, before — not after — they’re exploited by hackers. However, to beat a hacker you’ll need to think like one. Here’s how — and why — you should hire a hacker.
The Stakes Have Never Been so High
State sponsored hacking wreaked havoc in 2016, when Yahoo revealed that one billion accounts were compromised in the largest data breach in history. And as cyber crime becomes increasingly advanced, the threat hackers pose to businesses will only increase.
Leave your organization open to a data breach and it could cost you a massive £4.25m (on average). And that’s without considering the painful remediation and brand damage you’ll be subject to as a result.
These attacks aren’t restricted to huge multinationals. In UK, the latest Government Security Breaches Survey found that 74 percent of small organizations reported a security breach in the past year.
For any organization, a security flaw passing undetected is a huge risk, and when GDPR hits in 2018 the stakes will only increase.
The EU General Data Protection Regulation will come into force in 2018 and will govern how businesses handle customer data. Compliance won’t be easy, and the risk of non-compliance is massive, with potential £17 million fines.
Big businesses aren’t safe from this, and they’ll need to boost their data security to ensure compliance. Tesco was recently lucky to escape a £1.9 billion fine for a recent data breach.
How Hackers Will Boost Your Cyber Security
Not every hacker wants to attack your business and leak your sensitive data. There are hackers out there who are paid to protect, not provoke.
Known as “white hat” or “ethical hackers”, these security professionals strive to defend organizations from cyber criminals.
They’re not your conventional dark web lurking delinquents. Ethical hackers are IT security experts — trained in hacking techniques and tools — hired to identify security vulnerabilities in computer systems and networks.
According to ITJobsWatch, the average salary for an ethical hacker is £62,500. Considering the average cost of a data breach sits at £4.23m, that’s a small price to pay.
Businesses and government organizations serious about IT security hire ethical hackers to probe and secure their networks, applications, and computer systems.
But, unlike malicious “black hat” hackers, ethical hackers will document your vulnerabilities and provide you with the knowledge you need to fix them.
Organizations hire ethical hackers to conduct penetration tests — safe attacks on your computer systems designed to detect vulnerabilities.
To test their security, businesses often set goals or win states for penetration tests. This could include manipulating a customer record on your database, or getting access to an admin account — potentially disastrous situations if they were achieved by malicious hackers.
Ethical hackers leverage the same techniques and tools used by hackers. They might con employees over email, scan your network for vulnerabilities or barrage your servers with a crippling DDoS attack.
But instead of exploiting your business, ethical hackers will document security flaws and you’ll get actionable insight into how they can be fixed. It’s your responsibility to act on the ethical hacker’s guidance — this is where the hard work begins.
Without these harmless penetration tests security holes remain unseen, leaving your organization in a position that a malicious hacker could exploit.
Not Your Typical Dark Web Delinquents
Thankfully, the days of hiring underground hackers and bartering with bitcoins are over. There’s now a rich pool of qualified security professionals to choose from, complete with formal ethical hacking certifications.
Ethical hackers, or penetration testers, can be hired just like any other professional, but be certain to get tangible proof of your ethical hacker’s skills.
Candidates with the CEH certification have proved they know how to use a wide range of hacking techniques and tools.
What’s more, CEH certified professionals must submit to a criminal background check. These experts are committed to their profession and do not use their hacking knowledge maliciously.
Despite the relative youth of the ethical hacking field, these professionals have already proved their worth to some of the largest businesses in the world.
This year Facebook awarded a white hat hacker £32000 — its largest ever bounty — for reporting one “remote code execution flaw” in their servers.
That’s not the first time Facebook has paid out either. It’s long supported the efficacy of bug bounties, having paid more than £4 million to ethical hackers since it’s program debuted in 2011.
How to Hire a Hacker (Legally)
It’s important to understand what you actually want from your ethical hacker. Do this by creating a clear statement of expectations, provided by the organization or an external auditor.
Ethical hackers shouldn’t be hired to provide a broad overview of your policies, these professionals are specialized experts with a deep knowledge of IT security. Instead, ask specific questions like “Do we need to review our web app security?” or “Do our systems require an external penetration test?”
Before hiring an ethical hacker to conduct a penetration test, businesses should ensure an inventory of systems, people and information is on-hand.
Instead of hiring, many organizations develop ethical hacking skills in their own businesses by up-skilling team members through ethical hacking courses, like EC-Council’s CEH or the more advanced ECSA.
Your staff will get the skills they need to conduct ethical hacking activities on your own businesses, finding and fixing security flaws that only a hacker could find.