It sounds crazy to the uninitiated, but organisations across the globe pay people to break into their systems and find sensitive information.
The reason they do this is simple: to catch a thief, you must think like one. Organisations hire ethical hackers to make sure they have someone who’s one step ahead of the tactics that crooks use.
What is ethical hacking?
Ethical hacking (or penetration testing) refers to the exploitation of networks and applications, with the intention of informing the organisation about the vulnerabilities you discover.
With the vulnerabilities the ethical hacker discovers, organisations can implement defences to stop criminals before they’ve had a chance to target the organisation.
What does an ethical hacker do?
Ethical hackers identify and exploit vulnerabilities using the same methods as a criminal hacker. The only difference is that ethical hackers operate within the law, and don’t use any of the information they’ve discovered maliciously.
Attacks may involve exploiting system misconfigurations, sending the organisation’s staff phishing emails with the intention of gathering their login credentials, or breaching the physical perimeter.
As the threat landscape has evolved, ethical hackers are sometimes commissioned to commit long-term cons. They will watch and analyse an organisation, looking for patterns that can be exploited. One method they might use is to leave removable devices containing malware in a public area to see if an employee plugs one into a computer belonging to the organisation.
Can I trust ethical hackers?
You might be unnerved at the prospect of allowing an ethical hacker to root around in your organisation, but there’s nothing to fear as long as you hire a qualified ethical hacker through a trusted third party.
How to become an ethical hacker
You can gain all the skills you need to become an ethical hacker by taking our Certified Ethical Hacker (CEH) Training Course.
This five-day course gives you practical, hands-on experience with ethical hacking. You’ll be shown the strategies, tactics, technologies, tools and motivations of criminal hackers, and be given the opportunity to replicate their methods.
After the course, our tutor will be available to provide support and answer any questions you may have. You’ll also be given six months’ online access to EC-Council iLabs to further develop your skills.
When you’re ready, you can sit the CEH Practical exam, where you’ll be tested on your ability to identify and exploit vulnerabilities in operating systems, databases and networks.
Those who pass will receive the CEH (Practical) certification, which is globally recognised as the vendor-neutral qualification of choice for developing a senior career in ethical hacking and penetration testing.
A version of this blog was originally published on 2 May 2017.