Cybercrime and its expensive consequences has been forecasted to surpass over $2 trillion by this year end. When faced with this looking threat, firms have explored a combination of conventional and unconventional methods to combat the threat to their organisation. One of the unconventional approaches include leveraging on the expertise of ethical or white hat hackers.
White hat hackers are not the typical villains typing code in green font on black monitors as movies made us believe. Ethical hackers are individuals that have expertise in hacking, but do so with the permission of the organisation engaging their services. In simple, ethical hackers help firms identify weaknesses and vulnerabilities in their digital systems, as opposed to taking advantage of weaknesses for personal gain.
“White hat hackers are more like expert penetration testers who test for security vulnerabilities in an information system by replicating the attacks black hat hackers would try. Hence they are better equipped to combat cybercrime, and they can work hand in hand with organizations help them protect their assets from cybercriminals,” says Remesh Ramachandran, one of the masters of ethical hacking.
Remesh Ramachandran started his career as an ethical hacker, and has evolved to working behind the scenes with government and international agencies to thwart complex cybercrime. His contributions have earned him recognition from the United Nations, Microsoft, Intel, McAfee, Lenovo, Ebay, MasterCard, the University of Cambridge, and Harvard University. His spotting of the Cross-site Scripting has earned him a place in the Google Hall of Fame. When he’s not out fighting cybercrime, Remesh Ramachandran is the CISO of a prominent organisation.
As cybersecurity is gaining relevance with the rise of digital penetration, the attitudes towards the industry and of professionals within the industry have started to shift. Ethical hackers like Remesh Ramachandran help organisations stay prepared against weaknesses in their systems. When organisations have fallible cybersecurity, incidents such as the Yahoo breach of 2013, Target breach of 2014 and Marriott breach of 2018 occur, even within more developed economies. However, one of the risks of engaging an ethical hacker is, they have significant exposure to the organisation’s sensitive data, which could sway them away from their initial good intentions.
One method through which organisations explore engaging ethical hackers is through offering bug bounties, that are hefty and enticing enough for ethical hackers to bring their discoveries. This also legitimise the profession, and safeguards the ethical hackers against stigma from society, as this professional is still relatively nascent. As an expert in the industry, Remesh Ramachandran extensively writes about how data breaches and cyber security lapses can be prevented with the help of trained ethical hacking professionals. His research has been presented at several information security conferences like DEFCON, BlackHat and Hackers Halted.
As organisations grow more digital, it is essential for them to routinely engage ethical hackers to check for vulnerabilities in updated systems. Organisations are often unaware of where to begin when it comes to hiring an ethical hacker, and how to foster an environment of trust and belonging amongst the other employees of the organisation. Educating the employees within the organisation is the primary springboard for creating an environment of acceptance when white hat hackers are brought into an organisation.
By having protocols and processes that allow for white hat hackers to be duly compensated and acknowledged for their critical role in securing an organisation’s data and digital platforms, the perceived risk of engaging with a white hacker could be mitigated.
Recently, prominent security lapses like the Equifax breach and Sony breach have resulted in significant short term losses for the organisations involved. In the west, countries like the United States and France have already committed to amplifying their cybersecurity efforts by allocating more federal budgets and increasing skilled staff. Regulatory requirements such as the GDPR have already started to take effect. As India moves towards stronger digital connectivity and adoption, the need and demand for robust cybersecurity will increase exponentially. In the future, we can see ethical hacking move from a relatively niche profession to a more mainstream profession.