Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

12/14/2017
10:30 AM
Jaime Blasco
Jaime Blasco
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

Why Hackers Are in Such High Demand, and How They're Affecting Business Culture

White hat hackers bring value to organizations and help them defend against today's advanced threats.

News headlines often focus on the hackers who launch cyber attacks and leak confidential data such as National Security Agency exploits, sensitive political emails, and unreleased HBO programming, but hackers can also affect organizations in positive ways. White hat hackers (as opposed to black hats) increasingly are finding employment in companies as security researchers.

From conducting penetration tests and identifying vulnerabilities in software to providing companies with guidance about emerging threats, white hat hackers bring considerable value to organizations and play an instrumental role in helping them defend against today's advanced threats. White hats are highly coveted not only for their knowledge but also for their unique mindsets and ability to change corporate culture.

Hacker Expertise
Until relatively recently, there was little to no formal education for cybersecurity; hands-on hacking was the primary way to be trained in the profession. Although unconventional, this method has proven to be both effective for hackers and beneficial for the organizations that employ them.

For example, given the ever-evolving nature of the cybersecurity landscape, hackers have become adept at learning about new technologies and vulnerabilities, whether through independent research or by collaboration with other hackers in communities and forums (Cybercriminals, for example, often discuss their strategies on Dark Web forums). When faced with new technologies, white hats typically will strive to achieve mastery, because that's what it takes to identify potential network vulnerabilities and find ways to break into devices and systems.

Hackers typically are proactive in their approach to security and often have an innate inquisitive mentality — a combination that is ideal for helping businesses stay up to date with new threats and vulnerabilities. Rather than only addressing current problems and risks, a trap that many companies fall into, white hat hackers also make sure their organizations are considering potential issues as well as emerging attack vectors and threats.

And because hackers are more in tune with the newest hacking tools and techniques through their involvement in hacking communities and forums, they can sometimes even predict the characteristics of emerging malware. When companies start to incorporate the expertise of these white hats, they are able to create stronger security programs that are built to successfully defend against today's advanced threats.

Security and non-security organizations alike increasingly are capitalizing on the knowledge and mindset benefits that hackers provide. This is driven by a dire economic need to improve cyber defenses. Ransomware attacks alone are expected to cost companies $5 billion in 2017 (15 times more than the $325 million they cost in 2015), and it is projected that cyber attacks in general will cause $6 trillion in damages annually by 2021 (versus $3 trillion in 2016).  

The increase in demand for white hat hackers also can be attributed to a growing awareness of the value they provide, which has largely spread through bug bounty programs. Companies that offer bug bounty programs effectively gain access to hundreds of hackers, who often are able to identify serious vulnerabilities in their systems; their success reinforces the potential business value of having those hackers work for them in-house full-time. 

Creating a Security-Minded Culture
White hat hackers not only help organizations bolster their security strategies, they also can have a profound impact on corporate culture. Their desire for knowledge, proactive nature, and inquisitive attitude can rub off on their colleagues, who can benefit from these characteristics by better developing and maintaining an understanding of today's constantly changing technologies. With the ability to understand a company's security posture from a hacker's perspective, a white hat mindset drives collaboration. Focusing on security from the beginning encourages the development of a security-minded culture within organizations, which leads to better overall security posture.

Many companies focus on trying to protect themselves from threats. However, this strategy results in wasted budget and resources, and frees employees from accountability. Instead, companies need to prioritize security best practices throughout all stages — and hackers are often the ones pushing IT and executives to think about security programs proactively instead of implementing changes reactively in the aftermath of a breach.

Being security-minded means providing extensive training for employees; defining metrics to track success; enforcing those metrics through awareness, gamification, and positive reinforcement; and, ultimately, implementing strategies to improve employee behaviors as well as the company's overall security posture. It's about setting the bar high and then continuing to raise it — and in cybersecurity, white hat hackers are the heavyweights.

Related Content:

Jaime Blasco is a renowned security researcher with broad experience in network security, malware analysis, and incident response. At AlienVault, Jaime leads the Lab Intelligence and Research team that leads the charge of researching and integrating threat intelligence into ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
12/14/2017 | 1:41:48 PM
Don Corleone
Keep your friends close --- Keep your enemies closer.
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: -when I told you that our cyber-defense was from another age
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-1817
PUBLISHED: 2019-11-20
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.
CVE-2013-2091
PUBLISHED: 2019-11-20
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.
CVE-2012-1257
PUBLISHED: 2019-11-20
Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.
CVE-2013-1816
PUBLISHED: 2019-11-20
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.
CVE-2011-4455
PUBLISHED: 2019-11-20
Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php.