Enlisting the help of a hacker to stress-test your cyber security may sound risky, but more and more companies are finding that doing so can deliver significant benefits.
In the 21st century, there are few types of criminal that businesses fear more than hackers. Not so long ago, cyber crime was considered to be a relatively niche concern, but nowadays businesses realise that a hack attack can cause them financial and reputational damage on an unprecedented scale.
Given the increasingly adversarial relationship between hackers and the business community, and the costly measures employed to keep cyber criminals at bay, it may come as a surprise to learn that some organisations are taking the exact opposite approach. Increasingly, you’ll hear stories of companies bringing hackers into the fold and consulting them on cyber security matters, with former criminals walking away with handsome pay packets in exchange for going legitimate.
Intentionally allowing a hacker to access your confidential systems may conjure images of foxes guarding hen houses, but for many companies, it can deliver significant positive outcomes – provided, of course, that the inherent risks are managed sensibly.
Why are businesses hiring hackers?
The trend of hiring hackers or using them to provide consultancy services has gathered pace in recent years, as cyber security has gradually emerged as one of the most important issues facing modern businesses.
A recent report from Cybersecurity Ventures has indicated that the global cost of cyber crime could reach £4.9 trillion annually by 2021, and new legislation such as the EU-wide General Data Protection Regulation is imposing ever-greater penalties on organisations that are not able to demonstrate their compliance with stringent cyber security standards.
As such, so-called “white hat” hackers have seen demand for their services rise. For a fee, these individuals can apply sophisticated hacking techniques and tools to corporate systems, and find any potential loopholes and oversights – but instead of exploiting them, they’ll report their findings back to the business in question, allowing these security flaws to be fixed before they can be discovered by any genuinely malicious operators.
What could my organisation stand to gain?
With this in mind, the benefits of drawing upon the unique expertise that hackers can offer become considerably clearer. At a time when cyber security skills are in greater demand than ever, former hackers can offer a truly informed perspective that could make the difference in preventing a cyber attack that costs millions.
Multinational organisations and government bodies have already realised this, and have proven willing to pay top dollar to take advantage of these insights. A well-educated data protection specialist can prove extremely helpful in setting up cyber security systems that conform with industry best practice and the current legislation, but sometime it takes an actual hacker to get into the mindset of how real cyber criminals think, and to specifically highlight the kind of vulnerabilities and exploits that are most likely to be targeted.
Moreover, the growing prominence of white hat hacking means that it’s now easier than ever to hire an ethical hacker with proven credentials and formal certification, providing greater reassurance that the individual in question can be trusted to deliver a service, just the same as any other professional.
What risks need to be considered?
Naturally, when dealing with people with criminal histories, businesses will want to adopt a cautious approach to avoid being taken advantage of. After all, simply going out and handing an unknown hacker access to critical systems and data without doing any background checks is a recipe for disaster.
The biggest complication when it comes to hiring a hacker is the issue of trust. For some company leaders, it will be difficult to place their confidence in an individual with a criminal background, especially when the job specifically involves handing them opportunities to commit the same kind of crime again. Turning to candidates with an established track record of problem-free work with other organisations can help to mitigate this, but for some, hiring a hacker will require a leap of faith that they’re simply unwilling to take.
Ultimately, whether or not a company takes a chance on hiring a hacker will be for them to decide – but it’s certainly an option that businesses should at least consider as part of their efforts to get a much-needed edge over cyber criminals.