Attacks/Breaches

12/14/2017
10:30 AM
Jaime Blasco
Jaime Blasco
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

Why Hackers Are in Such High Demand, and How They're Affecting Business Culture

White hat hackers bring value to organizations and help them defend against today's advanced threats.

News headlines often focus on the hackers who launch cyber attacks and leak confidential data such as National Security Agency exploits, sensitive political emails, and unreleased HBO programming, but hackers can also affect organizations in positive ways. White hat hackers (as opposed to black hats) increasingly are finding employment in companies as security researchers.

From conducting penetration tests and identifying vulnerabilities in software to providing companies with guidance about emerging threats, white hat hackers bring considerable value to organizations and play an instrumental role in helping them defend against today's advanced threats. White hats are highly coveted not only for their knowledge but also for their unique mindsets and ability to change corporate culture.

Hacker Expertise
Until relatively recently, there was little to no formal education for cybersecurity; hands-on hacking was the primary way to be trained in the profession. Although unconventional, this method has proven to be both effective for hackers and beneficial for the organizations that employ them.

For example, given the ever-evolving nature of the cybersecurity landscape, hackers have become adept at learning about new technologies and vulnerabilities, whether through independent research or by collaboration with other hackers in communities and forums (Cybercriminals, for example, often discuss their strategies on Dark Web forums). When faced with new technologies, white hats typically will strive to achieve mastery, because that's what it takes to identify potential network vulnerabilities and find ways to break into devices and systems.

Hackers typically are proactive in their approach to security and often have an innate inquisitive mentality — a combination that is ideal for helping businesses stay up to date with new threats and vulnerabilities. Rather than only addressing current problems and risks, a trap that many companies fall into, white hat hackers also make sure their organizations are considering potential issues as well as emerging attack vectors and threats.

And because hackers are more in tune with the newest hacking tools and techniques through their involvement in hacking communities and forums, they can sometimes even predict the characteristics of emerging malware. When companies start to incorporate the expertise of these white hats, they are able to create stronger security programs that are built to successfully defend against today's advanced threats.

Security and non-security organizations alike increasingly are capitalizing on the knowledge and mindset benefits that hackers provide. This is driven by a dire economic need to improve cyber defenses. Ransomware attacks alone are expected to cost companies $5 billion in 2017 (15 times more than the $325 million they cost in 2015), and it is projected that cyber attacks in general will cause $6 trillion in damages annually by 2021 (versus $3 trillion in 2016).  

The increase in demand for white hat hackers also can be attributed to a growing awareness of the value they provide, which has largely spread through bug bounty programs. Companies that offer bug bounty programs effectively gain access to hundreds of hackers, who often are able to identify serious vulnerabilities in their systems; their success reinforces the potential business value of having those hackers work for them in-house full-time. 

Creating a Security-Minded Culture
White hat hackers not only help organizations bolster their security strategies, they also can have a profound impact on corporate culture. Their desire for knowledge, proactive nature, and inquisitive attitude can rub off on their colleagues, who can benefit from these characteristics by better developing and maintaining an understanding of today's constantly changing technologies. With the ability to understand a company's security posture from a hacker's perspective, a white hat mindset drives collaboration. Focusing on security from the beginning encourages the development of a security-minded culture within organizations, which leads to better overall security posture.

Many companies focus on trying to protect themselves from threats. However, this strategy results in wasted budget and resources, and frees employees from accountability. Instead, companies need to prioritize security best practices throughout all stages — and hackers are often the ones pushing IT and executives to think about security programs proactively instead of implementing changes reactively in the aftermath of a breach.

Being security-minded means providing extensive training for employees; defining metrics to track success; enforcing those metrics through awareness, gamification, and positive reinforcement; and, ultimately, implementing strategies to improve employee behaviors as well as the company's overall security posture. It's about setting the bar high and then continuing to raise it — and in cybersecurity, white hat hackers are the heavyweights.

Related Content:

Jaime Blasco is a renowned security researcher with broad experience in network security, malware analysis, and incident response. At AlienVault, Jaime leads the Lab Intelligence and Research team that leads the charge of researching and integrating threat intelligence into ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
12/14/2017 | 1:41:48 PM
Don Corleone
Keep your friends close --- Keep your enemies closer.
13 Russians Indicted for Massive Operation to Sway US Election
Kelly Sheridan, Associate Editor, Dark Reading,  2/16/2018
Facebook Aims to Make Security More Social
Kelly Sheridan, Associate Editor, Dark Reading,  2/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.