There is a common perception of ‘hackers’ in the media, so the word might not have particularly positive connotations for you. Many people consider hackers to be criminals breaking into computer systems, stealing data and passwords, and taking money from businesses or individuals.
So when you hear the term ‘ethical hacker’ it might be difficult to understand how the practice of hacking could ever be ethical. As usual, however, the truth is much more complicated and it stems from the fact that hackers have been misrepresented by the media.
Just as a skilled criminal hacker can cause serious problems for a business, ethical hackers can be a huge benefit to a business too. But to understand how, we need to re-learn what it means to be a hacker.
An introduction to hacking
Did you know that when the word ‘hacking’ was first used, it wasn’t considered to be something negative? In fact, completely the opposite is true. The word was popularised at the Massachusetts Institute of Technology (MIT) throughout the 1960s, where it was used by engineering students to mean finding ways to bypass aspects of electrical systems to allow that system to be more efficient. This shows us that the initial idea of hacking was as a positive and useful activity.
But over the next 20 years, hacking began to be associated with negative and criminal practices. In the 1970s, for example, the common form of hacking was ‘phreaking’, which involved manipulating the dialling tone used by phones at the time. This allowed the hacker to make long distance calls for free.
In the 1980s when personal computers became commonplace we started to see hackers in the traditional sense that we know them now. Hackers were using their knowledge and programming skills for illegal activities. It’s this idea of the criminal hacker that most people now associate with the term. But it’s important to remember that for as long as there have been hackers who have been using their skills for illegal behaviour, others have been doing something different.
This has led to a split in the way we think about hackers. ‘Black hat’ hackers are those that use hacking for criminal purposes, while ‘white hat’ hackers (also known as ethical hackers) use their knowledge to identify the problems in computer systems and help companies improve their cyber security.
What is ethical hacking?
Many specialist cyber security firms now offer ethical hacking as a service to help businesses to defend themselves. They do this by simulating the techniques used by black hat hackers, which allows them to better prepare the business’s security infrastructure for a real attack. This makes it easier for a company to ensure their most sensitive data is protected.
Ethical hackers attempt to test a system to its limits to make sure that a business is as prepared as it can be for an attack. As black hat hackers become more sophisticated and creative, it’s important to keep one step ahead of them, otherwise there will be people who have the ability to get into your system, and you won’t have a way to stop them. There has been an increase in the number of high profile hacking cases in recent years, so businesses are now looking for ways to avoid becoming the next victim.
How can ethical hacking help?
The advantage of using ethical hackers is that you aren’t preparing blindly – they use the same techniques as black hat hackers, and so you are able to beat them at their own game. Ethical hackers attack cyber defences to help a business understand where the weaknesses are in their system. Once the ethical hackers have shown how the system could be breached, that gives a business the chance to fix the problem before a real hack occurs.
If you don’t use ethical hackers you will have no way of knowing whether your system is strong enough to withstand an attack. You only need to look at the fact that some of the world’s biggest companies have suffered badly from hacking attacks to know that there are weaknesses in any system. If you can discover your own problems before the hackers do, then you’ll be in a strong place to keep your data and money safe.
What is the process of ethical hacking?
Ethical hackers use a variety of techniques in order to try to expose weaknesses and gain access to systems. Black hat hackers are generally expert programmers and often know the details of standard web security systems – so they will already be aware of the common vulnerabilities. So, good ethical hackers will have these skills and knowledge as well. They will mirror the strategies of criminal hackers and do anything from sending out fake emails asking for details to creating fake log-in screens that actually store the details that are typed into them.
Importantly, though, ethical hacking doesn’t stop at finding digital means of breaking into a system. A good ethical hacker will use criminal hacking tactics like surveillance of staff or even social engineering in order to find ways in. This could involve finding a way to trick a specific member of staff into handing over their password.
It’s worth remembering that if there are easy ways to get into a system, a hacker will seek them out – so ethical hackers work in the same way. They may uncover ineffective passwords or lack of training for staff on the dangers of hackers.
What about penetration testing?
If you’ve done a little research into ethical hacking you may have come across the term ‘penetration testing’. Penetration testing is related to ethical hacking but they are not the same thing. Penetration testing is generally considered to be the form of ethical hacking where the hacker uses digital means and programming tricks to get access or take control of a system.
This is an important aspect of ethical hacking but it does not cover all of the other issues. It’s a better idea to seek out a firm that has experience in all aspects of ethical hacking rather than simply one that specialises in penetration testing.
Is ethical hacking right for your business?
Ethical hacking can be extremely useful for improving the cyber defences of any company. It’s vital that you choose a firm with experience working in the same industry with a great track record and reputation. If you want to be completely protected from cyber criminals, ethical hackers may be your best option.