Hacking for good

Ryan Boyd

Microsoft, Apple, Facebook, Google, and even the US government have done it. It’s becoming an increasingly common solution to an escalating problem. We’re talking about hiring hackers to fight hackers.

Cybercrime is big business and showing no signs of slowing, with bad guys all around the world trying their best to get through the defences of businesses on a daily basis. As it turns out, the best way to stop them is to get honest hackers on board to find the vulnerabilities before the criminals do.

Brandon Yeager, Information Security Specialist at Mako Networks, is one of the good ones.

“What we do consists of getting a ‘white hat’ hacker, that’s what we call the security professionals, using the same tools that a criminal hacker would use to gain entry to someone else’s network.

“With the prevalence of hacking tools out there, there are a lot of people that can use them for nefarious purposes. But the security professionals also use those tools to look for vulnerabilities in the system and identify them and close them before somebody else gets there first.”

Brandon grew up in Silicon Valley and honed his security skills at an after-school job for a robotics company. He knows all too well the dangers hackers pose to companies.

“It’s really, really big business, there’s billions of dollars in the cybercrime world right now. It’s kind of evolving beyond single lone wolf hackers to criminal organisations that will have a team going after high profile targets.

“Another thing that's leading the increase is what they call hacktivism, which is people that don’t necessarily have money making in mind behind their cybercrime activity, it’s more for political reasons, like you saw during the election.”

Companies like Brandon’s have become increasingly common in the past few years, and while penetration testing may be a buzzword at the moment, it doesn’t provide the same breadth of coverage as a full vulnerability assessment.

“The goal of a pen test is basically to breach the fence and get in one way. These are usually conducted under limited time constraints, which differ from a hacker, a bad guy, who can spend months trying to break into a system.

“A vulnerability assessment is sort of a full spectrum to see all the different ways it would be possible to breach that defence.”

We all know technology moves fast; however, Brandon claims that the security facet of IT is probably the fastest-changing one.

“Things change on a day-to-day basis. And as more operating systems and more products are released, the potential for vulnerabilities increases, and more and more people are getting breached.

“It’s a bit of a cat and mouse between the good guys and bad guys, and of course the more high profile a corporation is, the more potential attackers there are always looking and probing for a way in.”

It’s this constant battle that causes so many companies to let their guard down.

“The truth of the matter is even in larger sized businesses, the system admins have a lot of things they have to keep on top of, and unfortunately some of the security stuff is a bit of an afterthought, patch management being one of the big ones.”

Brandon says the cost of outsourcing security easily outweighs the cost of a breach.

“Not only can it have all kinds of financial implications, but it’s the reputation tarnishing that I think is the worst part of the attack. You see it with companies in the US like Target or UPS, where once they got breached, there’s this distrust from the customers on dealing with that company in the future, because they don’t want their data to get stolen, they don’t want their identity to get stolen.

“I always try and educate that to the businesses that it’s going to cost you way more in the long run if you get breached than if you do it right the first time and ensure everything is secured.”
