Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

12/14/2017
10:30 AM
Jaime Blasco
Jaime Blasco
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

Why Hackers Are in Such High Demand, and How They're Affecting Business Culture

White hat hackers bring value to organizations and help them defend against today's advanced threats.

News headlines often focus on the hackers who launch cyber attacks and leak confidential data such as National Security Agency exploits, sensitive political emails, and unreleased HBO programming, but hackers can also affect organizations in positive ways. White hat hackers (as opposed to black hats) increasingly are finding employment in companies as security researchers.

From conducting penetration tests and identifying vulnerabilities in software to providing companies with guidance about emerging threats, white hat hackers bring considerable value to organizations and play an instrumental role in helping them defend against today's advanced threats. White hats are highly coveted not only for their knowledge but also for their unique mindsets and ability to change corporate culture.

Hacker Expertise
Until relatively recently, there was little to no formal education for cybersecurity; hands-on hacking was the primary way to be trained in the profession. Although unconventional, this method has proven to be both effective for hackers and beneficial for the organizations that employ them.

For example, given the ever-evolving nature of the cybersecurity landscape, hackers have become adept at learning about new technologies and vulnerabilities, whether through independent research or by collaboration with other hackers in communities and forums (Cybercriminals, for example, often discuss their strategies on Dark Web forums). When faced with new technologies, white hats typically will strive to achieve mastery, because that's what it takes to identify potential network vulnerabilities and find ways to break into devices and systems.

Hackers typically are proactive in their approach to security and often have an innate inquisitive mentality — a combination that is ideal for helping businesses stay up to date with new threats and vulnerabilities. Rather than only addressing current problems and risks, a trap that many companies fall into, white hat hackers also make sure their organizations are considering potential issues as well as emerging attack vectors and threats.

And because hackers are more in tune with the newest hacking tools and techniques through their involvement in hacking communities and forums, they can sometimes even predict the characteristics of emerging malware. When companies start to incorporate the expertise of these white hats, they are able to create stronger security programs that are built to successfully defend against today's advanced threats.

Security and non-security organizations alike increasingly are capitalizing on the knowledge and mindset benefits that hackers provide. This is driven by a dire economic need to improve cyber defenses. Ransomware attacks alone are expected to cost companies $5 billion in 2017 (15 times more than the $325 million they cost in 2015), and it is projected that cyber attacks in general will cause $6 trillion in damages annually by 2021 (versus $3 trillion in 2016).  

The increase in demand for white hat hackers also can be attributed to a growing awareness of the value they provide, which has largely spread through bug bounty programs. Companies that offer bug bounty programs effectively gain access to hundreds of hackers, who often are able to identify serious vulnerabilities in their systems; their success reinforces the potential business value of having those hackers work for them in-house full-time. 

Creating a Security-Minded Culture
White hat hackers not only help organizations bolster their security strategies, they also can have a profound impact on corporate culture. Their desire for knowledge, proactive nature, and inquisitive attitude can rub off on their colleagues, who can benefit from these characteristics by better developing and maintaining an understanding of today's constantly changing technologies. With the ability to understand a company's security posture from a hacker's perspective, a white hat mindset drives collaboration. Focusing on security from the beginning encourages the development of a security-minded culture within organizations, which leads to better overall security posture.

Many companies focus on trying to protect themselves from threats. However, this strategy results in wasted budget and resources, and frees employees from accountability. Instead, companies need to prioritize security best practices throughout all stages — and hackers are often the ones pushing IT and executives to think about security programs proactively instead of implementing changes reactively in the aftermath of a breach.

Being security-minded means providing extensive training for employees; defining metrics to track success; enforcing those metrics through awareness, gamification, and positive reinforcement; and, ultimately, implementing strategies to improve employee behaviors as well as the company's overall security posture. It's about setting the bar high and then continuing to raise it — and in cybersecurity, white hat hackers are the heavyweights.

Related Content:

Jaime Blasco is a renowned security researcher with broad experience in network security, malware analysis, and incident response. At AlienVault, Jaime leads the Lab Intelligence and Research team that leads the charge of researching and integrating threat intelligence into ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
12/14/2017 | 1:41:48 PM
Don Corleone
Keep your friends close --- Keep your enemies closer.
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9405
PUBLISHED: 2020-02-26
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.
CVE-2020-9406
PUBLISHED: 2020-02-26
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
CVE-2020-9407
PUBLISHED: 2020-02-26
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.
CVE-2020-9398
PUBLISHED: 2020-02-25
ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection.
CVE-2015-5201
PUBLISHED: 2020-02-25
VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows r...