At the recent SecTor security conference held in Toronto, Canada, major players in the IT security industry spoke on several issues.
However, one of the biggest takeaways from the event, according to several experts, was the insight offered on ethical hacking and how it can increase cybersecurity. According to ITWorldCanada, leaders at the event stated that ethical hacking was the best way for large corporations to learn where the potentially devastating holes lie in their software systems.
Such forms of penetration testing are often not taught in schools, though. For this reason, the experts said, some of the best people for the job may not be recruited out of the world’s top technology schools; rather, they may be the computer-savvy ones who have put in hours on their own to discover the limits of existing computer systems.
This, it’s argued, has created a gray area.
“To be an excellent penetration tester or things like that you have to break the law to learn that you actually understand what you’re doing,” one expert said at the event, according to the news source.
This brings up several questions. If a hacker discovers a vulnerability in a company’s network through benign penetration testing, is it his or her obligation to report it, even if the test had no nefarious intentions?
In one famous instance, a cybersecurity expert legally accessed a major telecom’s website by changing URLs, and found that he could gain control of more than 100,000 email addresses belonging to the company’s customers. Instead of reporting the problem, he released the finding to the media, and was eventually found guilty of identity fraud and conspiracy to access a computer without authorization.
Most experts agree this had the potential to help the large company, but the hacker made the wrong decision.
Fortunately, there has been a rise in the number of expert services that can provide security audits and other forms of penetration testing, all conducted in a controlled environment. These services will be crucial as the number – and severity – of cyber attacks continues to increase around the world.
Corporations, governments and utilities are among those with the most at stake, and many are investing in solutions to improve their cybersecurity.