Worried About Cybersecurity? Hack Your Own System
Think your organization is immune to a ruthless cyberattack? Think again: 7 in 8 organizations were victims of at least one cybercrime in 2016; one-third reported they’d been hacked more than five times. It’s no wonder IBM’s CEO considers cybercrime “the greatest threat to every company in the world.”
Not only does a hack put sensitive employee, customer, and proprietary company information at risk, it can have a detrimental financial impact. The average breach affects over 24,000 records and each stolen record — a password, email account or Social Security number — costs an average $141. That equates to nearly $3.4 million.
So, how can you defend your organization and keep data secure? As the old saying goes, “The best defense is a good offense.” In short, the best way to identify the weakest links in your IT and data security protocols is simple: Hack your own system.
That may seem like outrageous advice, but it’s not as crazy as it sounds. As a vice president of IT, one of my responsibilities is to attempt to hack my organization’s HR technology platform, which I helped develop. I also hack as a hobby, participating in national hacking competitions — I’ve even won a few of them. I equate these competitions to taking a science lab in college. They provide hands-on practice for building the skills that I need to oversee my company’s IT systems and keep my mind sharp.
What I and other certified hackers do is considered “ethical hacking.” We help our organizations spot weaknesses and vulnerabilities in targeted IT systems. We use the same knowledge and tools as a malicious cybercriminal — but in a lawful way to evaluate the security measures in place and offer possible remedies.
Ethical hacking is proving to be a table stakes approach to corporate security strategy by providing hands-on practice for developing sleuthing skills. It serves as a catalyst for trying fresh and inventive ideas that can help drive an organization’s operations to the next level.
It’s similar to penetration testing, which checks a computer system network or web application to identify weaknesses that attackers could exploit. But instead of random, once-a-year testing, which is customary, a hired hacker consistently pressure tests the system.
I like to think of myself as an undercover officer for my company’s IT system and product platform who can hide among the sophisticated IT infrastructure to find the bad guys more efficiently and effectively. Like me, most certified hackers keep up to date on IT security advances, including attending “Capture the Flag” events (aka, hacking competitions) to maintain our skills, challenge one another, and discuss new security trends.
In fact, learning new cyberattack methods and tools ranks among the most effective technique in preventing data breaches. As cybercriminals become more sophisticated, that education is critical.
Here are three reasons why hiring an ethical hacker is an increasingly important consideration for corporate security. Ethical hackers:
· Help identify overlooked system weaknesses. Certified hackers possess a mindset that enables them to seek out loopholes in a system that might be overlooked and proactively identify them for correcting before it’s too late.
· Enable regular system testing. When an ethical hacker is part of your company, he or she can test systems regularly without outsourcing the work.
· Protect new innovations and technologies. Your own hacker will be part of the team that safeguards new technologies as they are applied. Because the hacker knows how this technology was developed, he or she can build a system that prevents cyberhackers’ access and pressure test it to ensure effectiveness. This is proving especially helpful with the increased adoption of cloud computing, web applications, and advances to the Internet of Things, all of which open more digital channels and loopholes for hackers to access.
So, how do you sell the idea of hiring a hacker to your boss? Start by explaining the significant ROI: Ethical hacking is substantially less expensive than the cost of outsourcing security and the potential negative impact to your brand — not just in dollars, but in safeguarding against significant brand damage and lost customer trust.
Further, if you experience a data breach, your ethical hacker is onsite, fully versed in your IT system or product, and able to locate weaknesses much faster to avoid an ongoing attack.
I have a passion for maintaining the integrity of our customers’ data and keeping our IT systems and product platform secure. The ethical hackers I know share that dedication.
And, remember, it takes a hacker to prevent against one.
 Bitglass, “Threats Below the Surface Report,” April 4, 2017. https://finance.yahoo.com/news/bitglass-report-87-percent-organizations-120000940.html