Cybercrime and its expensive consequences have been forecast to surpass $2 trillion by the end of this year. Firms have explored a combination of conventional and unconventional methods to combat such threats to their organisations. One of these approaches is to leverage the expertise of ethical, or white-hat, hackers.
White-hat hackers are not the typical villains typing code in green font on black monitors, as movies would have us believe. Ethical hackers are individuals who have expertise in hacking, but who hack with the permission of the organisation engaging their services. Simply put, ethical hackers help firms identify weaknesses and vulnerabilities in their digital systems, as opposed to taking advantage of those weaknesses for personal gain.
“White-hat hackers are more like expert penetration testers who test for security vulnerabilities in an information system, by replicating attacks that black-hat hackers could try. Hence they are better equipped to combat cybercrime, and they can work hand-in-hand with organisations to help them protect their assets from cybercriminals,” says Remesh Ramachandran, one of the masters of ethical hacking.
Ramachandran started his career as an ethical hacker, and has since moved to working behind the scenes with government and international agencies to thwart complex cybercrime. His contributions have earned him recognition from the United Nations, Microsoft, Intel, McAfee, Lenovo, eBay, MasterCard, the University of Cambridge and Harvard University. His spotting of a cross-site scripting vulnerability has earned him a place in the Google Hall of Fame. When he is not out fighting cybercrime, Ramachandran is the CISO of a prominent organisation.
As cybersecurity gains relevance with the rise of digital penetration, attitudes towards the industry and the professionals within it have started to shift. Ethical hackers like Ramachandran help organisations stay prepared against weaknesses in their systems. When organisations have fallible cybersecurity, incidents such as the Yahoo breach of 2013, Target breach of 2014 and Marriott breach of 2018 occur, even within more developed economies. However, one of the risks of engaging an ethical hacker is that they have significant exposure to the organisation's sensitive data, which could sway them away from their initial good intentions.
One method through which organisations engage ethical hackers is offering bug bounties that are hefty and enticing enough for ethical hackers to bring their discoveries forward. This also legitimises the profession, and safeguards ethical hackers against stigma from society, as the profession is still relatively nascent. As an expert in the industry, Ramachandran writes extensively about how data breaches and cybersecurity lapses can be prevented with the help of trained ethical hacking professionals. His research has been presented at several information security conferences like DEF CON, Black Hat and Hacker Halted.
As organisations grow more digital, it is essential for them to routinely engage ethical hackers to check for vulnerabilities in updated systems. Organisations are often unaware of where to begin when it comes to hiring an ethical hacker, and of how to foster an environment of trust and belonging amongst the other employees of the organisation. Educating the employees within the organisation is the primary springboard for creating an environment of acceptance when white-hat hackers are brought into an organisation.
By having protocols and processes that allow for white-hat hackers to be duly compensated and acknowledged for their critical role in securing an organisation’s data and digital platforms, the perceived risk of engaging with a white-hat hacker could be mitigated.
Recently, prominent security lapses like the Equifax and Sony breaches have resulted in significant short-term losses for the organisations involved. In the West, countries like the United States and France have already committed to amplifying their cybersecurity efforts by allocating larger federal budgets and increasing skilled staff. Regulatory requirements such as the GDPR have already started to take effect. As India moves towards stronger digital connectivity and adoption, the need and demand for robust cybersecurity will increase exponentially. In the future, we can expect to see ethical hacking move from a relatively niche profession to a more mainstream one.
Disclaimer: This content is distributed by Digpu. No Forbes India journalist is involved in the creation of this content.