Is There Such a Thing as "Ethical Hacking?"

Ethical Hacking: locating cyber threats and vulnerabilities that a business may
By Gigabit Systems
January 15, 2019

How can someone put the words “ethical” and “hacking” in the same term without creating an oxymoron? Believe it or not, ethical hacking exists. Often referred to as penetration testing, ethical hacking or “white hat hacking” describes the act of intruding into or penetrating systems or networks to discover threats that a hacker could potentially find and use to steal data or cause financial loss or other major damage. Some credit ethical hacking with improving network security and allowing businesses to detect vulnerabilities that a hacker might have taken advantage of.

The Growing Popularity of Ethical Hacking

With 71% of cyber criminals able to breach a perimeter within 10 hours, the need for people who can spot gaps in a business’s cyber security strategy grows. As the need grows, so does the salary. One “bug bounty” company, Bugcrowd, found that some ethical hackers ask for up to $500,000 per year to test security flaws for companies and organizations such as Tesla and the Department of Defense. When contracted, white hat hackers operate under a clearly defined contract. Under these rules, the hacker’s pay depends on whether they were able to find a flaw in the cyber security infrastructure, and how serious that flaw actually was.

It should come as no surprise that although this line of work used to be freelance, many ethical hackers are now looking to turn it into a full-time career. According to a study by Bugcrowd, half of ethical hackers reported having full-time jobs. On the other hand, 80% reported that an ethical hacking task helped them land a job in cybersecurity. Of this sample, the top 50 hackers had an average yearly payout around $145,000.

In-House Ethical Hacking

Are you interested in bringing ethical hacking to your business? Ethical hacking can be outsourced to consulting firms at “bug bounty” companies such as Bugcrowd, HackerOne, Synack, and Cobalt. Alternatively, some companies allow their own employees with hacking skills to carry out parallel missions. This is done through in-house penetration testing, where employees are asked to play the role of a malicious hacker looking to shut down servers or steal information. Since IJet and Tesla pay hackers from $1,000 up to $15,000 per issue discovered, in-sourcing these assignments may lead to a raise in pay grade for those willing and able to take on the task.

Don’t wait for a cyber criminal to attack. Contact Gigabit Systems today.

Conclusion

For information technology professionals looking into continuing education in ethical hacking, several courses and certifications exist. These include, but are not limited to, EC-Council’s Certified Ethical Hacker (CEH), the SysAdmin, Networking, and Security (SANS) Institute, and McAfee’s Foundstone Ultimate Hacking courses. Businesses that are looking to grow their ethical hacking capabilities may consider tuition reimbursement programs as a means of encouraging IT professionals to continue their education in this discipline.

The answer is yes: there IS in fact such a thing as ethical hacking. Having a third party take on the role of a white hat hacker, or otherwise hack into a system or network to identify a threat before someone malicious does, is a deeply proactive cyber-security tactic. Businesses looking into ethical hacking in order to steer clear of the projected number of attacks in 2019 should consider using “bug bounty” companies as consultants or investing in-house in ethical hacking training certifications.


Learn more about the latest in cyber security by subscribing to our blog: https://www.gigabitsys.com/news
