Everybody interprets the world around them in their own unique way; it’s what makes the human race so fascinating. Our experiences and relationships help shape us to be the individuals we are today and it is through such that we learn to interpret the world with unique perspectives.
The common expression ‘Is the glass half empty or half full?’ is a great example of perspective coming into place. From an optimist’s perspective, the glass would be half full but from a pessimist’s it would be half empty.
My underlying point is that only pessimists know which route other pessimists would go down, and the same can be applied to hackers.
Whitehat vs Blackhat
The history of the term Hacker is fascinating, with it originally meaning those who tinkered with early systems to get the most from them. However over the last several years, the term has unfortunately taken a wrong turn. With the power of social media and other internet communications, unlawful hacking has become more of a pop culture; encouraging more and more people to become one, all for the wrong reasons.
Automated tools are available to those who want to get into blackhat hacking, and although these hackers would be classed as ‘script kiddies’ by experienced hackers; they’re still capable of serious damage.
Those sporting the whitehat are fighting back though, and they’re slowly (but surely) taking the spotlight with their heroics in fighting cyber crime. In fact since tools such as the Raspberry Pi have become popular, the term hacker is often being used in its original context i.e. people tinkering with the pi to make it do a range of different things.
Although significant, this slight change doesn’t alter the fact that cyber crime is the most commonly associated action with hackers.
Which hat do you need?
When looking to protect your organisation from blackhat hackers, it’s beneficial to have the perspective of one. Of course, you’re not going to give permission for a criminal to attack your networks (at least I hope you wouldn’t).
Instead, you’re going to need the experience of an ethical hacker who has a broader range of skills than a blackhat and the ability to report back to you with his findings. Which in other words is called a…
A vulnerability Assessment is a combination of manual and automated testing and reports. It discovers vulnerabilities, classifies them and gives remediation activities. It defines the security posture of an organisation and the attack surface area.
A vulnerability assessment which is carried out by a certified ethical hacker will leave you with two things:
- A report detailing where you’re vulnerable and what you need to do to fix it, and
- A wake up call
My reasoning for number 2 is explained by the the image below which demonstrates the average numbers of vulnerabilities across IT Governance’s last 6 vulnerability assessments
19 high risk threats
You may believe that your organisation’s network is impenetrable but without the perspective of an attacker, you’ll never be able to know how vulnerable you are because you don’t perceive a network in the same way an attacker would.
The ideal strategy is to do a vulnerability assessment on a frequent basis and then via risk assessment identify critical components which will, if compromised have a high impact on the organisation. These systems should then be penetration tested to identify if they are exploitable and what the impact would be.
Call in an expert
IT Governance offer a wide range of technical services including; vulnerability scans, vulnerability assessments and penetration tests.
For a detailed description of each of these services and how they’ll benefit your organisation, you should take a look at IT Governance’s Types of Penetration Tests Table