Ethical Hacking
By CXOtoday Staff
Mumbai, Apr 14, 2008
The Internet has changed the way we communicate and the way we do business, creating a virtual world and allowing people to explore avenues they never thought existed. Its growth has been phenomenal, to the extent that for most of us life comes to a standstill without the net. On the flip side, this growth has also exposed us to security threats, particularly businesses that have become exposed to the world through the web.
With businesses going global and processes controlled over the network, the Internet is playing host to a number of security problems such as hacking and identity and data theft over the web.
Hackers are getting smarter day by day, crafting sophisticated tools to steal companies' confidential information and breaking into sites; the list goes on and on.
These incidents have become rampant in recent times.
Businesses, ranging from start-ups to large companies, have experienced the consequences of hacking. In spite of putting the best security practices in place, many of them fail to shield their organizations against these threats.
So, is deploying a firewall, encryption, or an antivirus enough? With even the best security policies being easily defeated by cyber crooks, this question isn't very difficult to answer.
So, how do organizations tackle the security issues? Dominic K, head (Global Operations) of Orchidseven Infosec, explains, "Any organization today comprises multiple layers of systems, which enable their business across the globe. This is bound to include servers and networks. Such networks need to be constantly tested to keep tabs on the various possible vulnerabilities, which may hamper the business through various means - such as identity and data theft."
This clearly indicates that deploying a firewall, an Intrusion Detection System (IDS), an Intrusion Prevention System (IPS), etc., is not adequate to ensure data or network security. Companies need trained IT professionals who can fix the security holes before the bad guys (read: black hat hackers) cause irreparable damage.
A few years back, some of you may remember, Abhishek Bachchan played the role of an ethical hacker in 'Om Jai Jagadish,' a Bollywood movie. He uses his hacking skills to create a program that blocks hackers instead. This was not one of those fictitious roles confined to the silver screen. In fact, today ethical hackers constitute an important part of technical staff, as they can think like hackers and prevent serious computer-related crimes.
To elaborate, ethical hackers, more popularly known as white hat hackers, help organizations understand the hidden problems in their servers and corporate networks. White hat hackers, unlike the bad guys, use their skills to detect flaws within the company's security system so that they can be rectified quickly. They use the same skills as malicious hackers, but legitimately. This is a major reason why more companies are employing ethical hackers as part of their technical support staff.
Dominic explains, "Right from ERP package to network printers, workstations to firewalls - need to be tested for in-depth security. Such tests are a must for every enterprise - irrespective of their vertical or domain. Penetration test, alias ethical hacking, must be conducted periodically. It's much needed for network self-diagnosis and self-assessment."
However, it's crucial that companies follow certain norms while appointing ethical hackers. Businesses should test a candidate's approach and skills regarding security and ethical hacking. According to Dominic, a good ethical hacker should be able to:
1. Design and create plan methodologies
2. Comprehend social engineering aspects used for fraud
3. Use the latest techniques to hack into systems and networks
4. Understand digital forensics
5. Be aware of IT Act Law 2000, and other international laws with regard to information and data security
6. Understand reverse engineering and application security
Ethical hackers also need to follow certain policies. For instance, an ethical hacker shouldn't pursue personal agendas; whatever they do should support the company's policies and goals. They should never use a company's confidential information for personal benefit. A professional white hat hacker will always approach the concerned manager when any clarification is needed or a problem arises.
Countries all around the world are vulnerable to cyber attacks, so they are realizing the importance of ethical hackers. However, it's a pity that the issue of e-security hasn't picked up the way it should have. Hence, ethical hacking is not very popular yet. But many companies, particularly some big enterprises, are realizing the criticality of the situation. They're no longer unaware of the fact that India is most susceptible to cyber attacks.
But what's the reason behind this ignorance? Explains Dominic, "In the current scenario almost every organization, irrespective of its size, is aware of the implications and consequences. However, there are few organizations that will be proactive rather than reactive to such incidents."
"Although the Indian government has rolled out multiple plans and projects on e-commerce, yet few are completely secure. Today, almost 80% of government websites are vulnerable to such attacks. These hacks range from silly SQL injection to XSS attacks," he added.
The severity of the situation hence gives rise to an important question: can Indian business organizations afford to remain ignorant? When hackers are increasingly compromising companies' information and data for their own benefit, can businesses just wait and watch?
Of course not. It's time businesses made ethical hacking part of technology consulting. More awareness programs should be organized for everyone in the enterprise. The onus lies on top management and the CXOs to train their employees, keep them well-informed on vulnerabilities, and induct efficient ethical hackers into their organizations.