Using the skills of a hacker for good, rather than evil, is the essence of being an ethical hacker. Cyber security experts have adopted these abilities to highlight vulnerabilities in the computer systems of businesses and organisations. What separates ethical hacking from the more traditional definition of (malicious) hacking is the documented consent of the organisation being hacked.
Black vs White Hat
Ethical hackers are often referred to as ‘white hats’, while malicious hackers are ‘black hats’. These millinery descriptors come from old western films where the good, heroic cowboy often wore a crisp white Stetson and the mean, gun-toting drifters wore beat-up old black hats. Like the good cowboy, white hat hackers understand the ways and means of malicious hackers and use this knowledge to protect law-abiding citizens (and businesses and organisations) from attacks.
In addition to having consent, ethical hackers observe the privacy and other policies of the organisation they’re working for. Often working as contractors, they have access to the brain and beating heart of an organisation. So, it’s essential that they respect the privacy of that organisation and the individuals involved.
When they find vulnerabilities, ethical hackers take steps to resolve them and ensure that they can’t be exploited by others. This may involve alerting software developers or hardware manufacturers. In early 2018 several ethical hackers alerted Intel to a vulnerability in their chips that had been there for over 20 years.
The role of the Cyber Security expert
White hat hackers are not necessarily black hats who have learned the error of their ways and turned away from the dark side. Instead, ethical hacking is an extension of the cyber security process that goes beyond establishing systems and processes for a secure system.
Building on their strong programming and networking skills, cyber security experts collect a wide range of data through system audits to gain a complete understanding of an organisation's vulnerabilities. Then they embark on penetration testing and adopt the behaviours of a hacker to attempt to exploit those vulnerabilities.
By identifying the vulnerabilities and the methods of exploitation, they are able to resolve issues. This can be done in a test setting before systems go live, or in a real-world setting with fully operational systems and networks.
The impact of cyber security on business
The Global State of Information Security Survey 2018 shows that cyber threats to the integrity of data are a rising concern in business. Until recently it wasn’t unusual for organisations to take the view that ‘it’s unlikely to happen to us’. The Survey reveals that around 30% of businesses have reported loss or damage of internal records as a result of a security incident.
Despite the fact that one in three businesses have experienced a security incident, less than half have yet to introduce the key processes for managing cyber risk. This suggests that the need for experts to identify vulnerabilities is also on the rise.
Some organisations that are targets for hackers have introduced bug-bounty programs to entice hackers to put on a white hat and claim a prize, rather than a black hat to exploit their vulnerability. Internet giants like Facebook, Google and the United States Department of Defense were early starters with bug-bounty programs that invited developers to discover and resolve bugs in their software and systems.
Now organisations of all sizes are running bug-bounty programs as part of their cyber security practices. Bugcrowd and HackerOne help these businesses establish bug-bounty programs then act as an interface for hackers, maintaining lists of the bounties on offer.
Essential skills for ethical hackers
For ethical hackers or penetration testers, strong programming and networking skills are just the basics. You also need a detailed understanding of the systems, software and networks you are planning to exploit. But these technical skills are not enough on their own.
The ethical hacker must have a variety of soft skills, the most important of which is good ethics. When businesses and organisations invite cyber security experts into their computer systems to test their vulnerabilities, they need to know that the individual who has access to their most sensitive data will behave with good ethics.
Patience and persistence along with a keen eye for detail are also key. Penetration testers will conduct exhaustive audits and analyse reports and logs searching for minute doors that have been left open. Every aspect of these vast landscapes of information must be analysed, which can take a long time.
Essentially, to catch a hacker, you have to think like one. The cyber security expert must think outside the box and put themselves in the mind of a hacker.
Earn your white hat with a Master of Cyber Security at ECU
With Edith Cowan University’s (ECU) Master of Cyber Security, you can develop these essential ethical hacking skills. This program develops a deep understanding of network technology and security before taking a deep dive into ethical hacking and defence.
Your penetration testing practices will benefit from a focus on computer ethics and the law. You’ll explore the mind of the hacker and their use of deception to manipulate individuals through social engineering. And you’ll have access to the latest practical skills to penetrate secure systems in the emerging field of ethical hacking.
ECU is a pioneer in the field of cyber security with over 10 years' experience in delivering cyber courses. Our academics regularly consult with the major banks, the Police, the Department of Foreign Affairs and Trade and Interpol. And we’re a lead partner of the Cyber Security Cooperative Research Centre, along with the WA State Government and 23 other industry, research and government partners.
With this fully online course, you’ll graduate in just 24 months. You can study when you want, where you want, and apply your learnings immediately in your existing job.
Find out about our online Cyber Security programs at ECU.