Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

12/14/2017
10:30 AM
Jaime Blasco
Jaime Blasco
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

Why Hackers Are in Such High Demand, and How They're Affecting Business Culture

White hat hackers bring value to organizations and help them defend against today's advanced threats.

News headlines often focus on the hackers who launch cyber attacks and leak confidential data such as National Security Agency exploits, sensitive political emails, and unreleased HBO programming, but hackers can also affect organizations in positive ways. White hat hackers (as opposed to black hats) increasingly are finding employment in companies as security researchers.

From conducting penetration tests and identifying vulnerabilities in software to providing companies with guidance about emerging threats, white hat hackers bring considerable value to organizations and play an instrumental role in helping them defend against today's advanced threats. White hats are highly coveted not only for their knowledge but also for their unique mindsets and ability to change corporate culture.

Hacker Expertise
Until relatively recently, there was little to no formal education for cybersecurity; hands-on hacking was the primary way to be trained in the profession. Although unconventional, this method has proven to be both effective for hackers and beneficial for the organizations that employ them.

For example, given the ever-evolving nature of the cybersecurity landscape, hackers have become adept at learning about new technologies and vulnerabilities, whether through independent research or by collaboration with other hackers in communities and forums (Cybercriminals, for example, often discuss their strategies on Dark Web forums). When faced with new technologies, white hats typically will strive to achieve mastery, because that's what it takes to identify potential network vulnerabilities and find ways to break into devices and systems.

Hackers typically are proactive in their approach to security and often have an innate inquisitive mentality — a combination that is ideal for helping businesses stay up to date with new threats and vulnerabilities. Rather than only addressing current problems and risks, a trap that many companies fall into, white hat hackers also make sure their organizations are considering potential issues as well as emerging attack vectors and threats.

And because hackers are more in tune with the newest hacking tools and techniques through their involvement in hacking communities and forums, they can sometimes even predict the characteristics of emerging malware. When companies start to incorporate the expertise of these white hats, they are able to create stronger security programs that are built to successfully defend against today's advanced threats.

Security and non-security organizations alike increasingly are capitalizing on the knowledge and mindset benefits that hackers provide. This is driven by a dire economic need to improve cyber defenses. Ransomware attacks alone are expected to cost companies $5 billion in 2017 (15 times more than the $325 million they cost in 2015), and it is projected that cyber attacks in general will cause $6 trillion in damages annually by 2021 (versus $3 trillion in 2016).  

The increase in demand for white hat hackers also can be attributed to a growing awareness of the value they provide, which has largely spread through bug bounty programs. Companies that offer bug bounty programs effectively gain access to hundreds of hackers, who often are able to identify serious vulnerabilities in their systems; their success reinforces the potential business value of having those hackers work for them in-house full-time. 

Creating a Security-Minded Culture
White hat hackers not only help organizations bolster their security strategies, they also can have a profound impact on corporate culture. Their desire for knowledge, proactive nature, and inquisitive attitude can rub off on their colleagues, who can benefit from these characteristics by better developing and maintaining an understanding of today's constantly changing technologies. With the ability to understand a company's security posture from a hacker's perspective, a white hat mindset drives collaboration. Focusing on security from the beginning encourages the development of a security-minded culture within organizations, which leads to better overall security posture.

Many companies focus on trying to protect themselves from threats. However, this strategy results in wasted budget and resources, and frees employees from accountability. Instead, companies need to prioritize security best practices throughout all stages — and hackers are often the ones pushing IT and executives to think about security programs proactively instead of implementing changes reactively in the aftermath of a breach.

Being security-minded means providing extensive training for employees; defining metrics to track success; enforcing those metrics through awareness, gamification, and positive reinforcement; and, ultimately, implementing strategies to improve employee behaviors as well as the company's overall security posture. It's about setting the bar high and then continuing to raise it — and in cybersecurity, white hat hackers are the heavyweights.

Related Content:

Jaime Blasco is a renowned security researcher with broad experience in network security, malware analysis, and incident response. At AlienVault, Jaime leads the Lab Intelligence and Research team that leads the charge of researching and integrating threat intelligence into ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
12/14/2017 | 1:41:48 PM
Don Corleone
Keep your friends close --- Keep your enemies closer.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWare,  7/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...