What’s the first thing you think of when you hear the word hacker? Do you imagine a nefarious individual, wearing a hoodie and hiding in a dark basement behind a computer? That might not be accurate as, unlike the stereotype, not all hackers are up to no good. There are, in fact, three types of hackers:
- Black hat hackers: They are responsible for creating malware, which is used to infiltrate computerized networks.
- Grey hat hackers: They usually seek out vulnerabilities in a system without the owner’s knowledge, and mostly do it for fun.
- White hat hackers: Also known as ethical hackers, they are security experts who help improve organizations’ security procedures and protect them from malicious hacking.
The demand for ethical hackers

Ethical hackers are the knights in shining armor of cybersecurity and are seen as the backbone of IT security testing. They are being employed by enterprises worldwide to help them strengthen their security systems. One of the top companies that employ ethical hackers is Brussels Airlines. “We need the support of ethical hackers to reinforce our IT-Security before non-ethical hackers find a possible vulnerability that they will, of course, not report to us,” said Brussels Airlines’ CISO Jean-François Simons. According to Inc. magazine, Chris Carter, founder and CEO of Milwaukee-based enterprise software company Approyo, hires a cybersecurity team to perform penetration testing at a cost of between $15,000 and $20,000 every two years. "I don't want to have to send a letter to all of my customers and their end-users saying, 'We've been hacked, and this is why,'" Carter told Inc. magazine. "It's better to be proactive than reactive." According to PayScale, the average salary of an ethical hacker is $82,966 per year.
How do ethical hackers work?

Ethical hackers investigate the following:
- Injection attacks.
- Changes in security settings.
- Exposure of sensitive data.
- Breach in authentication protocols.
- Access points.
Their work typically proceeds through the following phases:
- The Reconnaissance Phase, or the discovery phase.
- The Scanning Phase.
- The Gaining Access Phase.
- The Maintaining Access Phase.
- The Covering of Tracks Phase.
Ethical hackers commonly work in one of the following roles:
- Red team/blue team: The red team vs. blue team exercise aims to strengthen the organization’s preventative and response controls. This model comes from the navy, where a Red Team attacks and a Blue Team defends.
- Bug bounty hunters: Bug bounty hunters are crowdsourced cybersecurity enthusiasts and professionals who perform security testing.
- Penetration testers: A penetration tester evaluates the security of a computer system or network by simulating an attack from malicious outsiders.