decrypting myths
Are there any risks involved?

In order for ethical hackers to perform their jobs properly, organisations often have to give them privileged access to their systems and architecture, which naturally carries a level of risk with it. How much risk depends on the individual or company used to conduct the hacking activity.

As such, it is critically important for any organisation thinking of using ethical hackers to conduct a full background check and to ensure the necessary accreditation and certifications are in place before granting access. That access should also be limited to what the agreed scope of the engagement requires, and withdrawn once the work is complete.
As the volume and variety of threats out there continues to grow at an alarming rate, many organisations are employing the services of ethical hackers in order to hack themselves before someone with more malicious intent does it first. Doing so can be hugely beneficial in terms of both knowledge and preparation in the event of a real attack. However, like so many things in life, there is no one-size-fits-all approach to cybersecurity.
Knowledge sharing and attack demonstrations

response plan in place. For this reason, many ethical hacking companies also offer a range of pre-emptive services, using their knowledge of how hackers operate to arm employees and security teams with the information they need to act swiftly and decisively in the event of an attack.

Another service offered by many ethical hackers is demonstrating popular attacks in action and showing senior executives the real-world impact that such attacks could have on their business, in a safe and controlled environment. Doing so helps executives to prioritise security spending and understand first-hand how different attacks could impact operations in the short, medium and long term.

Ultimately it is up to every organisation to look at their existing security approach and decide if employing the services of ethical hackers is right for them.

"While many ethical hackers use the same methods and tactics as criminal hackers, there is a very clear distinction between the two."

Tim Bandos, VP of Cybersecurity at Digital Guardian

www.intelligentciso.com | Issue 18 | 69