Ethical Hacking – Should a company ask an employee to hack its IT network?
Well, the answer depends on who you ask.
Cyber security is big business and it has seen massive growth over a short period because hackers have attacked online businesses like never before!
In 2014 the UK cyber security industry was worth over £17bn, up from £10bn the year before.
Hacking has become more targeted and is now making news almost every day. In 2015 we have seen well-established companies such as TalkTalk, Carphone Warehouse and Ashley Madison hacked and private data on their customers stolen.
Even more frightening is that the TalkTalk hack was carried out by a group of 15- and 16-year-olds, demonstrating that hacking tools are now becoming more accessible and that businesses of all sizes need to adapt to the rapidly changing threats.
With the growth in online trading and e-commerce, there is an increasing amount of valuable data being passed to companies that can be used by criminals. This online boom has seen hacking develop quickly in a bid to stay ahead of developments from the security systems companies.
New hacking tactics are used, new software developed and every cyber-attack is different in its own way. It is the job of ethical hackers to test systems and make sure that a company’s security process is capable of withstanding attacks using the latest internet security methods.
This vulnerability mitigation process is commonly known as penetration testing and is an authorised hack of an IT system – hence the term ethical hacking.
With the industry ever evolving, we take a look back at the history and some of the key dates of ethical hacking to see how it developed into what we know as penetration testing today.
Ethical hacking key events
1939 – “The Bombe” – Whilst not strictly ethical hacking in the sense that we understand it, the development of “The Bombe” was significant as it was one of the first machines built with the sole intention of decrypting and hacking another system. It was built by Alan Turing during the Second World War to decipher the Germans’ Enigma machine.
1960 – “Computer Penetration” – This year saw the first discussions about ‘computer penetration’ among IT experts, along with discussion of deliberate tests being carried out by professionals. This marked the development of what we now know as penetration testing.
1974 – One of the first ethical hacks – The United States Air Force is regarded as one of the very first organisations to take part in ethical hacking. They conducted a hack of the operating system Multics.
1986 – Illegality – Black and grey hat hacking becomes illegal in the United States of America as the US Computer Fraud and Abuse Act comes into effect. In the UK the Computer Misuse Act came into force in 1990.
1995 – ‘ethical hacking’ – It was John Patrick of IBM who first coined the phrase ‘ethical hacking’ in 1995 to imply cyber security that went beyond a penetration test.
1999 – Windows 98 – The launch of Windows 98 in 1999 was a landmark year for cyber security with the introduction of mainstream software security.
2003 – OWASP – This was the year that OWASP (Open Web Application Security Project) was launched with the idea of putting in place some guidance and a framework for penetration testers to follow.
The future of ethical hacking
In an ever-changing IT and cyber security landscape where hackers are developing new and more complex ways of attacking systems, penetration testing and ethical hacking are likely to continue growing.
The growth of the internet for commerce and the amount of personal data being held on servers all over the world means that there will always be an interest in acquiring the data, which means that companies must keep their processes up to date.
Loss of sensitive information not only costs a company its reputation; there are also significant financial repercussions.
For major companies the cost of repairing any damage caused can reach the millions – it was estimated that Sony will have a repair bill of about $35 million – and this doesn’t account for any legal cases brought against the company.
Penetration testing is one of the many methods a cyber security company can offer and it is helping countless businesses to stay ahead of the hackers and make sure their customers’ data is kept securely.
Article provided by Mike James, an independent content writer in the technology and cyber-threat sector – working with RedScan, who were consulted over the information contained in this piece.