decrypting myths
Protecting your organisation with ethical hacking
Businesses are increasingly utilising the skills of ethical hackers to find vulnerabilities in their networks before the bad guys do. Tim Bandos, VP of Cybersecurity at Digital Guardian, discusses the rise of ethical hacking as a defence tactic and how organisations can assess whether it is right for them.
The ever-growing and evolving cyberthreat landscape provides a near constant security challenge. In the past, many organisations relied on building high perimeter defences in the hope that criminals wouldn’t find their way in, often with detrimental results. Fortunately, most modern organisations now realise that taking the time to identify potential weaknesses and address them properly is a far more robust and reliable strategy. But what’s the best way to go about doing this?
One increasingly common approach is the use of ethical hackers – professional third parties whom organisations can employ to purposefully penetrate their IT ecosystem and tell them where key vulnerabilities are.
This article will explore the concept of ethical hacking, some of its main applications and why it’s becoming increasingly popular among businesses of all shapes and sizes.
www.intelligentciso.com | Issue 18
What is ethical hacking?
Despite Hollywood’s best efforts to convince us otherwise, not all types of hacking are criminally motivated. Ethical hacking is a specific type of hacking, conducted by professional individuals or companies, which systematically attempts to penetrate target networks, applications, devices or other systems in order to find security vulnerabilities. Once found, these vulnerabilities are reported to the resource owner for remediation before they can be exploited.
While many ethical hackers use the same methods and tactics as criminal hackers, there is a very clear distinction between the two. First and foremost, ethical hackers almost always have explicit permission from the ‘target’ company before they commence any sort of hacking activity.
Secondly, they report all findings/vulnerabilities to the company for