As a business in 2017 should you hire a hacker?

Let’s first look at crime advice for physical buildings, homes, businesses, etc. You can get a security advisor, someone who is associated with the local police department and specialises in how to protect your home. They may advise you to fit an alarm, install some CCTV cameras, put big locks on your garden gates, etc. However, an ex-burglar would give you a completely different insight. They would look for the method of entry that the average non-lawbreaker wouldn’t see. They spot the glitches in security, the garden tool that is left lying around, and they know how to spot a fake alarm box. An ex-burglar will tell you what he or she would have looked for back in the days when they were on the wrong side of the law. Has the person got lights on? Have they got an alarm? Do they have a TV on, a car on the drive? When they make a noise, does a dog start to bark?

Of course you would always be wary of inviting an ex-burglar into your home, and wary of telling them all of your secrets; however, someone who is now working in an ethical manner can provide you with an insight like no other. So be mindful of their past and stay with them, but ignore their advice and point of view at your peril.

So where does that fit into hacking, cyber security and information security? Well, if you wish to know the security weaknesses in your network, your computer systems and the employees of your business, the best way to find out is to employ a hacker!

A former malicious hacker will conduct a penetration test or a social engineering test in a completely different way to a trained security consultant. A typical security consultant would run automated and manual scans of a network, website or application. They would look for vulnerabilities, document them and report on suggested fixes for any issues found. This is an industry standard: most follow a tried and tested framework and report in a set way. This isn’t a negative thing; it is very useful and a great way of understanding weaknesses in your network.

However, an ex-malicious hacker turned ethical will have an entirely different approach. They will look for ways to compromise your network that a trained professional will miss. If there is a small hole that can be found, they will find it; if there is a way of getting into a business as a social engineer, they will find it. The payoff for a cyber-criminal is huge, be it financial, hacktivism or whatever other motivation. They have all the time in the world to invest in this endgame. It isn’t a job to them, it’s a way of life. When a cyber-criminal turns good, they approach an assignment with this same philosophy. They don’t sleep or rest until the flaw is exposed.

Now, would we suggest you hire an ex-malicious hacker into your business and say “go have fun”? No! They still need the same contractual obligations as any other security professional: they need to sign an NDA, they should be escorted around the business by a member of staff, supervised if in server rooms, etc.

The benefit an ex-malicious hacker will provide to your business is invaluable. A lot of security companies, including ourselves, employ a range of people from a range of backgrounds. Some have a purely ethical background and are very good at what they do; others are from a non-ethical background, and working alongside our purest ethical hackers they can provide the winning combination.

