Not all hackers are criminals. In fact, ethical hackers – security experts who infiltrate networks and computer systems with authorization from their owners – are increasingly being hired to identify vulnerabilities in cyber security systems, and helping organizations stop cyber crime before the attacks happen.
The need for ethical hackers is rising alongside increasing waves of cyber crime. According to Accenture’s recent State of Cybersecurity Resilience report, cyber security attacks grew 31% between 2020 and 2021, with organizations receiving 270 attacks in 2021. IBM’s “Cost Of Data Breach Report,” published last year, found that such breaches cost businesses an average of $4.24 million USD, the highest recorded in the report’s 17-year history.
According to Indeed.com, an ethical hacker’s job consists of three main roles:
- Assessing security: Periodic assessments that include seeking vulnerabilities and suggesting ways to reduce risks
- Threat modeling: Identifying what areas to focus on when securing the system (evolves alongside new applications and circumstances)
- Documentation: Reporting findings with clear, well-written documentation
Ethical Hackers Say Industrial Sector Must Evolve on Cyber Security
One area where ethical hackers are increasingly needed is the industrial sector. As ComputerWeekly reported, a team of ethical hackers from the Netherlands recently won the Pwn2Own international hacker contest for spotting weaknesses in a number of industrial control systems. With the industrial sector currently undergoing a digital revolution, such vulnerabilities could potentially unleash wide-scale security breaches.
The ethical hackers, Daan Keuper and Thijs Alkemade, who won the same contest last year for identifying weaknesses in a widely-used teleconferencing platform, unearthed five vulnerabilities in applications used to manage systems or control communication. What they discovered revealed that the industrial sector’s tradition of separating IT and OT networks is no longer sustainable, since machines and equipment in a digitized industrial controls system will all be connected.
The industry will not easily solve this problem. Much of today’s machines and equipment are old and ill-equipped to handle modern security needs. Moreover, the IT network typically acts as the primary security source. Once breached, the OT network vulnerabilities make it “relatively easy to take over machines, modify processes or bring the whole thing to a standstill – with far-reaching consequences,” Alkemade told ComputerWeekly.
Keuper compared current security strategies to a castle surrounded by a moat, wall, and gates.
“That works really well if you only have one or two drawbridges, because you can guard them well,” he said. “But in today’s digital networks, you have like a thousand drawbridges. That’s impossible to monitor or secure.”
What can the industrial sector do to make their networks more secure? According to Alkemade and Keuper, IT and OT network professionals must start working together to better understand security needs. Because IT and OT have conflicting interests, with IT prioritizing confidentiality and OT prioritizing availability, the hackers concluded that this will require the industry’s culture to evolve.
As systems and networks become more connected, cyber crime is guaranteed to get worse. Is your organization aware of all the potential vulnerabilities in its network? Consider hiring ethical hackers or training your technical team to find them.
Supporting IT Departments
Aimed to assist businesses understand the weak points in their cyber security infrastructure, Hacking Your Company: Ethical Solutions to Defeat Cyber Attacks is an eight-course program from IEEE. It is ideal for mid/advanced technical professionals across all industries in IT, computer science, and related fields, as well as executives who need a working knowledge of ethical hacking.
Contact an IEEE Account Specialist today to learn more about training your organization using this course program.
Interested in learning more about this topic for yourself? Visit the IEEE Learning Network (ILN) today!
Resources
Loohuis, Kim. (31 May 2022). Industrial systems not safe for the future, say Dutch ethical hackers. ComputerWeekly.com.
Indeed Editorial Team. (17 May 2022). How To Become an Ethical Hacker (2022 Guide). Indeed.
(2021). State of Cybersecurity Resilience 2021: How aligning security and the business creates cyber resilience. Accenture.
No comments yet.