Forbes – Ethical Hackers: A Business’s Best Friend?

Brands are under pressure to protect themselves and their customers from increasingly sophisticated cyber attacks. With daily media headlines and new regulations, consumers have never been more aware of the threats out there. As a result, businesses are being forced to take the issue of cybersecurity more seriously, facing it head on and putting in place the necessary steps (e.g., encryption, two-factor authentication and key management) to protect their data from hackers.

One avenue that’s not commonly talked about is the value that ethical hackers can bring to a business. The common perception is that all hackers are the bad guys. But this is a mistake. As opposed to their Black Hat counterparts, who are out to use their skills on an illegal basis, White Hat hackers use their skills in an ethical manner to keep companies safe. They can be brought in to test and bypass a company’s defences and, rather than taking advantage of any vulnerabilities, they report them and advise on how to fix them.

To read the full article click here.

Information Age – Gemalto CTO: Beating ‘cybercriminals at their own game’

In today’s business environment, data is king. Protecting this most valuable asset is key to effective security.

Data breaches can ruin careers, and permanently damage the reputation of organisations. Defending against these cyber attacks is a challenge, and a problem that keeps business leaders up at night.

Think like a hacker

Jason Hart – CTO of data protection, Gemalto – believes that in his role, thinking like a hacker has helped him “beat the cybercriminals at their own game”.

“Using business insights and my years of experience as an ethical hacker, I know how cybercriminals think.”

To read the full interview with Jason click here

AV Technology Europe – Confessions of a professional hacker: think your AV/IT is safe? This may change your mind

An Interview with Jason Hart…

The threats from cyber attacks are reaching epidemic proportions.

As I write this, an email with the headline ‘councils hit by 37 cyber attacks every minute’ has popped up on my screen. Surprised? After all, the subject of cyber threats for many is like discussing a life-threatening illness or crashing your car. It’s something that happens to other people, right? Maybe. Maybe not.

Hart attack 

Jason Hart is a potentially very dangerous man, possessing the skills and knowledge to cause the kind of damage suggested above. Thankfully, Jason is a good guy. A successful “ethical hacker” now helping companies like yours. He knows how the bad guys think and what it is they want and the methods deployed to go and get it and – crucially – the best ways to stop them.

To read the full interview with Jason click here.

TechWorld – Anatomy of an ethical hacker: What it takes to operate on the frontlines of cybersecurity

Former ethical hacker and CTO, Data Protection at Gemalto Jason Hart lets us in on the secrets of ethical hacking.

The perceived vision of a hacker – anti-social and geeky – is becoming increasingly inaccurate. Modern hackers are social, curious, adaptable and motivated – either by inquisitiveness, the desire for financial gain, to influence politics or even to just embarrass their target.

To read the full article click here.

The benefits of ethical hacking for IT security

Hacking is getting easier and cheaper, so every enterprise should do it.

Wait… what? Of course, I’m talking about reaping the benefits of ethical hacking as a way of preparing for an actual cyber attack – the odds of which are increasing as hacking services become simpler to obtain.

Just about anything can be bought on the Internet these days, legal or otherwise. Rocket launchers, hard drugs and indeed hacking services have become as easy to purchase as books and music.

While some such services are available on the regular Web, more serious customers turn to TOR, The Onion Network. Also known as the Dark Web, TOR enables buyers and sellers to transact with full anonymity using cryptocurrencies such as Bitcoin.

Through TOR, hacking services have proliferated in recent years. They’ve been used by individuals with an axe to grind, such as Edwin Vargas, an NYPD detective. Driven by jealousy, he paid $4,000 for over 40 email passwords, half of which belonged to police officers.

Another reason for growth in these services is that they are simpler to deliver. Technology is more straightforward than it used to be — witness how people can create web sites or drive smart phones, for example. By the same token, the barrier to entry for hackers is lower.

As a report from Rand Corporation confirms, “Greater availability of as-a-service models, point-and-click tools, and easy-to-find online tutorials makes it easier for technical novices to use what these markets have to offer.”

Why Hacking Is Becoming Easier

As a result the threat is growing. But isn’t it always? Am I just going to say “be vigilant” and then we all get on with our lives?

Well, no, because there’s an additional factor which means this proliferation can no longer be ignored. It’s about the nature of the attack surface.

In traditional computing models, we could consider this in three parts: first the physical environment; then the computer hardware; then the software. Policies, procedures and protections would be considered for each.

In the virtual world, the physical and hardware layers have been architected to create a reasonably robust underlying platform. Yes, sure, this still needs protecting but to a large extent it already is — the controls are well known and straightforward to check.

On top of this platform we — the global we, of corporations and providers — have created a massively scalable, massively interconnected but massively complex virtual compute environment.

Here’s the point: even as it gets more complex and harder to protect, it is becoming simpler to hack and exploit. We can’t just stand by and hope it isn’t going to happen, because automation will ensure it will.

Continues the Rand report, “Hyperconnectivity will create more points of presence for attack and exploitation, so that crime will increasingly have a networked or cyber component, creating a wider range of opportunities for black markets.”

But Ethical Hacking is Easy, Too

What to do? There’s only one answer really, and that’s to get there first. Penetration testing (ethical hacking) has been around for years; indeed it used to be my job. And just as computers can be programmed, so can exploits — there are libraries of them freely available.

We should not be daunted by kicking off such activities, by running a program of checks for back doors into our own systems. It’s not that hard to do — that’s the point. If it were, the bad guys would be looking for easier ways to make money. The many benefits ethical hacking offers organizations will certainly outweigh the bit of time and effort required to implement it.

If you don’t want to do it yourself, you can engage an (ethical) service to do it for you. As we already know, there are plenty of them around. You don’t have to check all your IT systems and services, just the ones that give access onto the data you have that is worth protecting.

Which raises a final point: If you don’t already know what data you have that is worth exploiting, for heaven’s sake work it out. Then check whether it is accessible.

There will be a cost, but after all, it will be worth your while paying a relatively small sum up front, rather than shelling out to repair the damage later.