Securing IT systems against threats and theft is a daunting task for organizations. Sensitive information in the wrong hands can be harmful and cause a lot of damage. Hackers not only gain access to information but also engage in various forms of cyber terrorism, such as extortion. Hackers discover the vulnerabilities of an IT system and exploit them. They understand the nuances of the system so well that exploiting it to their advantage becomes easy. The question to consider is this: if hackers are talented enough to break into a security system, why shouldn't their services be sought to protect it?
A hacker, depending on his intentions, could be a white hacker/white hat, a black hacker/black hat or a grey hacker/grey hat. A hacker who hacks with the non-malicious intention of exposing the vulnerabilities of a system is known as a white hat. These hackers employ the techniques used by malicious hackers to test the security of an IT system and detect any errors. Hackers who intrude into IT systems with motives such as theft of data or cyber terrorism are commonly known as black hats. They find the mistakes in computer systems and use them to their advantage.
A grey hat is someone whose intention is on the borderline. Grey hat hackers are those who see breaking into a security system as a challenge to their skills. They may not cause any harm, but they nevertheless intrude into a system. White hats, also known as ethical hackers, assess the possible threats to an IT system. It is necessary for these ethical hackers to gain an insight into the mind and techniques of malicious hackers. An example of an ethical hacker is Mark Seiden, who works as an independent security consultant.
It is his job to find the weak links in a security system and provide solutions for those loopholes. He has helped various organizations track down the vulnerabilities of their security systems. According to him, creating a security system requires the effort of two people: one who is responsible for creating the security system and a second who tests the system for its faults. These days there are various institutes which offer training in hacking for the purpose of detecting loopholes in a security system. Anyone with knowledge of computer programming or network administration is eligible for this course.
These modules, which aim at producing a “certified hacker”, train people interested in hacking by giving them in-depth knowledge about security systems and how to detect loopholes within them. The sole aim of this training is to enable the white hats to use skills such as penetration testing, internal/external network hacking, war dialing etc. to test the vulnerability of their networks and IT systems. Armed with knowledge about the workings of the bad guys, they are sought by organizations to help them avert intrusion.
However, one needs to address the issue of whether ethical hackers work under a code of ethics that will prevent them from using this knowledge for a wrong cause. When students enroll in courses on hacking systems, there is no way to detect whether they are going to use what they learn for a malicious purpose or not. There are various risks associated with training people in the skills to detect vulnerabilities. Some of the courses are taught online. It is possible for malicious hackers to gain access to these courses to further enhance their knowledge. There are certain disadvantages in hiring or training ethical hackers.
There is no assurance that the hacker will comply with the code of ethics. Since they have the knowledge to break into systems and gain access to valuable data, their intentions might vary and they may be lured into unethical activity. Therefore, those offering training in these hacking courses need to ensure awareness of misuse and unauthorized access. Information on the legal implications of unethical usage should be available to students taking such courses. Exposure to the laws and punishments regarding malicious hacking should be provided.
This can act as a deterrent against unethical behavior. Organizations should exercise great caution while hiring hackers. They should have legal contracts which explicitly state the terms and conditions under which hacking is carried out. Ethical hackers should develop a code of ethics under which they operate. Organizations should ensure that these hackers are working under their strict policies and supervision. Good security policies are another way to dissuade unethical hacking. Employees with a proven track record can be trusted with the responsibilities of ethical hacking.
One should be cautious while employing a criminal hacker to detect system weaknesses.

Conclusion

The advantages associated with ethical hacking outweigh the risks. Under supervision and security policies, organizations can engage experienced hackers to test their systems for weak areas. Information in the wrong hands could be dangerous and harm the credibility of organizations. An experienced hacker thus identifies the errors in the software of a security system and provides patches to secure it further. It is true that to overpower one’s enemy, you need to think like the enemy.