FANTASTIC (ETHICAL) HACKERS AND WHERE TO FIND THEM
As emerging technologies expand attack surfaces and
cyberattackers utilise more sophisticated methods, under-
pressure CISOs and their teams are facing more pressure
than ever. Here, Tabrez Surve, Regional Director – Gulf, Levant
and Turkey, F5 Networks, discusses how ethical hackers could
be the missing puzzle piece for cybersecurity teams.
Data breaches and cyberattacks are on the rise and hackers are becoming increasingly sophisticated.
Across the world, businesses are finding it difficult to grapple with rapidly shifting cybercriminal motivations, tactics and appetites for destruction.
The problem is exacerbated by emerging technologies such as IoT constantly expanding exploitable attack surfaces. At the same time, massive volumes of work data and applications are moving to the cloud in various deployment configurations, potentially leaving additional swathes of data unprotected.
To both understand and keep pace with cybercriminal mindsets, many businesses are seeking to fight fire with fire. It is particularly important to consider every single possible attack vector when protecting applications. This is where the ethical or ‘white hat’ hacker can often make a difference.
Equipped with – one hopes – all the skills and cunning of their adversaries, the ethical hacker is legally permitted to exploit security networks and improve systems by fixing vulnerabilities found during the testing. They are also required to disclose all discovered vulnerabilities.
While security architects have a wealth
of knowledge on industry best practice,
they often lack first-hand experience of
how attackers perform reconnaissance,
chain together multiple attacks or gain
access to corporate networks.
According to the 2019 Hacker Report,
the white hat hacker community has
doubled year over year. Last year,
US$19 million was doled out in bounties,
nearly matching the total paid to hackers
in the previous six years combined. Eye-
catchingly, the report also estimates that
top-earning ethical hackers can make up
to 40 times the median annual wage of a
software engineer in their home country.
SO WHERE DO YOU FIND THESE MYTHICAL CREATURES?
The most common method is a ‘bug
bounty’ scheme operating under strict
terms and conditions. This way, any
member of the public can search for and
submit discovered vulnerabilities for a
chance to earn a bounty.
It can work well for publicly available
services, such as websites or mobile
apps. Rewards depend on the level
of perceived risk once the affected
organisation confirms the validity of
its discovery.
Using crowdsourcing and paying
incentives has obvious benefits. Hackers
Issue 15 | www.intelligentciso.com