Orange-Line

White Hats and Ethical Hacking for Companies’ Security

Author: Salvatore Corradi – FM Chairman

One of the most well-known episodes of a ransomware attack was the WannaCry outbreak, which hit companies worldwide in the spring of 2017. This ransomware attack affected a diverse collection of entities, including the NHS, Spain-based Telefonica, America’s FedEx, German railway company Deutsche Bahn, and LATAM Airlines. Afflicting over 200,000 computers in over 150 countries, it cost the UK £92 million and ran up global costs of up to a whopping £6 billion.
“WannaCry” was delivered via emails that tricked the recipient into opening attachments and releasing malware onto their system, a technique also known as “phishing”.

What happens in these unpleasant situations is that, once your computer has been affected, the ransomware locks up the files and encrypts them so that you can no longer access them. It may then demand payment in bitcoin in order to regain access.

This is an example of a typical cyberattack. To prevent such attacks, companies of any kind are implementing cyber security measures in order to protect networks, programs and computer systems from unauthorized digital attacks.

In general, when we talk about hacking we often risk falling into the false myth that sees a hacker as an outlaw, but it is a misconception that hacking is always a wrong act. In fact, there are three different types of hackers. Black hat hackers are individuals who illegally hack into a system for monetary gain. White hat hackers, on the contrary, exploit the vulnerabilities of a system by hacking into it with permission, in order to defend an organization. This form of hacking is absolutely legal and ethical, hence they are also often referred to as “ethical hackers”. Then there are the grey hat hackers. As the name suggests, grey is a blend of white and black: they discover vulnerabilities in a system and report them to the system’s owner, which may seem a good act. But they do this without seeking the owner’s approval, and sometimes grey hat hackers also ask for money in return for the critical issues they have spotted.

Hiring an ethical hacker means having on your staff an IT security expert capable of anticipating, simulating and preventing attacks by verifying the security of sensitive data. These professionals work in companies that tend to be well structured, and their use remains somewhat controversial today. Their actions, while supported by the best of intentions, sometimes conflict with rights such as privacy, corporate secrecy and consumer protection. For this reason, certifications have been established that guarantee the integrity of the actions of white hats.

Be careful though! Having a hacker on your staff is a choice that protects you from any remote intrusion, but it is not necessarily a guarantee of security. Without adequate access controls on the company's physical premises, these strategies risk being ineffective.