Thursday, August 30, 2018

Ethical Hacking: An Update

How has the world of hacking changed over the past decade? More and more companies are hiring ethical hackers to hack systems and show vulnerabilities. Penetration testers try to access systems by any means possible, including through social engineering. Let’s look at what ethical hacking is, how it’s done, and how it will change in the future.

Source

Ethical Hacking

Commonly known as “white hat” hackers, as opposed to black hat, ethical hackers are generally employed by a company to hack into the company’s systems and show them vulnerabilities. Some will help patch up the holes, while others simply expose what’s wrong and leave it to the company’s IT team.

The word “hacker” carries a certain connotation and is usually negative. However, it’s best to think of them in “Old West” terms. The sheriff in the old west always wore a white hat and was the good guy. The outlaw wore a black hat. Hence, the terms white hat and black hat hacker; one aims to help while the other is malicious.

In order to combat black hat hackers, white hat hackers have to think like black hat hackers. Some may have even started as black hat hackers, gained skills, and decided to use those skills for good.

Unlike in previous years, where dealing with ethical hackers could be a grey area, white hat hackers are often certified as an ethical hacker. They can prove they are using their skills to benefit a company rather than trying to break into the company’s system and actually steal information.

Penetration Testers

Coincidentally, penetration testers do steal information. They can also steal physical computers, hard copies of information, and more. Pen testers are sometimes not limited to just computer systems. Instead, much like the mindset of a hacker mentioned above, they do whatever they can to access a system, such as using social engineering or email spoofing. They are often part of the “red team,” hired to find holes in security.

Imagine, for instance, someone calling IT and claiming they forgot their password. The password is reset, and the employee leaves happy. The problem is that it wasn’t actually the employee but someone posing as them who now has access to the system.

A member of the red team might be able to swipe a pass card, enabling them access to a server room. From there, they can directly connect to the server, accessing information. The sticky note Jan from accounting keeps on her computer monitor to remind her of her logins? Gone the next morning. Everyone from Microsoft to the U.S. Army employs red teams and pen testers to identify gaps in their cybersecurity and physical security that could lead to a system breach.  

AI and Machine Learning

How will this change in the future? The simple answer is that hackers will begin to rely on AI and machine learning to infiltrate systems. While many claim it is already happening, this is just fear mongering. Yes, as AI and machine learning become more accessible and powerful, hackers are likely to let the computer do all the work for them. However, we are not there yet.

Source

It’s important to understand how hackers can and probably will use AI and machine learning in the future, and to prepare defenses, but it’s still a ways off from being a reality. Instead, it’s important to take a step back and, with the help of ethical hackers, make sure your current employees are well trained.

Your Employees

An accountant might be using Starbucks as a virtual office, doing work using an office laptop. What they might not know is that the network they are connected to isn’t actually the Starbucks’ network, but a dummy network, or “honey pot,” and the open Wi-Fi network is used to observe data sent to and from the computer. Important corporate financial information could be stolen easily by a hacker without even trying hard.

Having a pen tester, ethical hacker, or red team tail employees and make sure they are observing good cybersecurity practices is essential. Employees can be a weak link in security, and without ethical hackers observing, you might never know what the employee is doing wrong. Instead, they need to be gatekeepers and the first line of defense, trained by ethical hackers on what not to do so as not to compromise otherwise tight security.

Ethical hackers are incredibly important in today’s corporate society. As black hat hackers get more advanced, using not just computer but social engineering — and soon enough AI and machine learning — to hack companies, it’s important to have someone who can identify where you need to increase security. Whether it’s training employees to be more observant or creating a more secure server, ethical hackers, pen testers, and red teams will help your company be more secure.

      

The post Ethical Hacking: An Update appeared first on Cybersecurity Insiders.


August 30, 2018 at 09:09PM

0 comments:

Post a Comment