Why is ethical hacking, pentesting or security research the best career option of 2017?
Hacking has various meanings and a hacker is not always necessarily a bad person. There are three types of hackers- white hats, gray hats and black hats. It also happens to be a top career option for wannabe engineers and software professionals as ethical hackers are sought after a lot these days. Let’s find out more…
As mentioned in our earlier article here, white hat hackers are security researchers or ethical hackers who break security for non-malicious reasons, either to test their own security system, perform penetration tests or vulnerability assessments for a client or while working for a security company which makes security software. They normally notify the vendor once they discover a vulnerability in software so that the flaw can be fixed. For identifying any flaws in software, companies that have bug bounty programs these days pay white hats anywhere between $500 to more than $100,000 by selling that information. White hats are also considered as ethical hackers.
A gray hat hacker lies between a black hat and a white hat hacker. A gray hat hacker can be individual hackers or researchers who surf the Internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect, for example. They may then offer to correct the defect for a fee. Grey hats normally sell or disclose their zero-day vulnerabilities not to criminals, but to governments—law enforcement agencies, intelligence agencies or militaries presuming that they use the vulnerabilities responsibly for the public good. The government’s use those security holes to hack into the systems of adversaries or criminal suspects.
Considered as criminals, a “black hat” hacker is a hacker who “violates computer security for little reason beyond maliciousness or for personal gain”. Black hat hackers use their expertise to find or develop software holes and break into secure networks to destroy, modify, or steal data; or to make the network unusable for those who are authorized to use the network. They also sell information about the security holes, zero day vulnerabilities and exploits to other criminals for them to use. Obviously, black hats are considered the bad guys, as they are the epitome of all that the public fears in a computer criminal.
Businesses need ethical hackers now more than ever
Now since you know about the different types of hackers, let’s move on to know why ethical hackers are sought after by various businesses. Almost every company including the emerging startups invest lots and lots of money in securing their systems and platforms to prevent data breaches, DDOS attacks or intrusions. Since the number of cyber criminals in the world is increasing minute by minute, there is now more investment in skills, training and technology in the field of ethical hacking. By around 2021, the global spending will most probably cross $1 trillion. With cyber criminals trying so hard to breach, businesses now look to ethical hacking professionals who can prevent devastating security intrusions, DDOS attacks and cyber security breaches and protect their networks, Apps and backend systems.
Ethical hackers conduct controlled hack attacks on organizations called penetration tests aka pentests to find vulnerabilities and fix them. But unlike malicious ‘black hat’ hackers who exploit these for illegal practices, ethical hackers and security experts provide the company with details needed to fix flaws, before black hats lay their dirty hands. Cyber criminals and ethical hackers think alike and hence businesses will have a deeper insight.
Without pentests, security holes aka bugs and zero-days will remain unseen and existent thus, leaving an organization or business in a position that a black hat hacker or cybercriminal could potentially exploit. According to the 2016 Internet Security Threat Report prepared by Symantec Corporation, ethical hacking knowledge is sought after by global corporations and SMEs as well. The report also shows that 43% attacks were on SMEs.
Bright career prospects in ethical hacking
Various companies have also started introducing Bug Bounty program. For example, Google has paid out $3 million to hackers doing ethical hacking in just 2016 itself. Totally, $9 million has been paid out since 2010 when Google started the program. Facebook has paid out close to $6 million and Microsoft close to $2 million. Google and Microsoft recently also raised their payouts.
When hiring an ethical hacker look out for industry-standard certifications such as EC Council’s Certified Ethical Hacker (CEH) or GIAC’s GPEN. You can read all about CEH certification here. One can witness live hacking attempts on a map created by Norse Corp here.
Read here on How To Become A Certified Ethical Hacker 2017.
Read the detailed report by Symantec here.
Witness live hacking attempts on Norse Corp’s website here.