For decades, law enforcement and investigators have used undercover agents to help crack their toughest cases. What better way to learn how criminals behave and how they commit their nefarious acts than by putting someone right on the front lines to act like a criminal and share what they learn with "the good guys"?
The same principle is being put to use in the information security world, with the growing reliance on certified ethical hackers. While the idea of an "ethical hacker" might seem like an oxymoron, there are talented individuals who are willing to put their knowledge of hacking methods to work to help organizations identify their security vulnerabilities and fix them. By attacking a network the same way that a malicious hacker would, CEHs provide concrete evidence of which weaknesses are actually exploitable, allowing companies to prioritize fixes based on findings rather than on assumptions and guesswork.
While those insights alone might seem like a good reason to hire a certified ethical hacker, many companies are still reluctant to do so. The fact is, though, that there are several good reasons to have one on your staff.
1. Certified Ethical Hackers Allow You to Play Offense Against Hackers
As mentioned previously, a certified ethical hacker (CEH) is a credential; the work such a person does is usually called penetration testing, and the person doing it a penetration tester or pentester. That work adds a layer of defense against cyberattacks on your network. In many cases, IT security relies on playing defense against known threats; this is why we have constant updates to virus and malware signatures and are always adjusting firewalls, etc. However, someone who has completed certified ethical hacker training has the skills to help you play offense against hackers. In other words, they find vulnerabilities before hackers do, giving you an opportunity to shore up your defenses before you have a problem. In addition, a CEH's test shows you whether the security measures you already have in place actually hold up under attack, so you can spend your effort on the gaps rather than on controls that are already working.
2. Certified Ethical Hackers Must Report Their Findings
It's easy to find a hacker who will offer to test your system. You might even be tempted to hire a so-called black hat hacker to truly test your defenses. Yet when you work with a certified ethical hacker, you have greater assurance that he or she will adhere to a code of ethics, as pledging to follow that code is part of the certification process. Most importantly, this means that the hacker is required to share his or her findings with you, good or bad, and to keep what was learned about your systems confidential. Whoever you hire, put the engagement in writing: a signed authorization and a defined scope are what separate a legitimate test from an unauthorized intrusion, and they give you something to hold the tester to. While there is always the possibility that a hacker could breach the code of ethics, the likelihood is small, especially when you work with a reputable CEH.
3. Certified Hackers Limit Your Liability
Working with a CEH helps limit the risk of a breach and the liability that comes with inadequate data security. It can also limit your liability in the event that a breach does occur. Doing your due diligence and ensuring that any outside security testers hold an ethical hacking certification can serve as evidence of your commitment to security and of reasonable care; the certification alone is no legal shield, but documented testing and remediation are. And should you have to disclose your testing to clients, you will likely receive less pushback when they learn that you are using a certified tester.
4. CEHs Understand the Latest Technology and Methods
We all know that technology moves quickly, and that it can seem almost impossible to keep up with all of the developments in the world of cybersecurity. By working with a CEH, you gain access to current attack techniques and tooling, some of which your IT security staff may not know yet. Criminals won't reveal their methods, but a good ethical hacker uses the same methods criminals do and keeps up with how real attackers are operating. It's their job to know these things and to keep their training current, since maintaining the certification requires ongoing education. When you hire a CEH, you are getting that expertise.
5. Ethical Hackers Reduce Losses
Working with an ethical hacker can help reduce your losses in the event of a breach in two ways:
- If you are breached, someone who knows how attackers work can often locate the exploited vulnerability much faster, helping you contain an ongoing attack.
- When you hire an ethical hacker, you can request that he or she provide an employee fidelity/honesty bond or other insurance coverage that will reimburse you should your company experience losses as a result of their activities.
So while the idea of hiring a hacker might seem absurd at first, it's quickly becoming a widely accepted security practice. Much like an undercover officer can root out criminals more quickly than uniformed agents, someone who thinks like an attacker can find vulnerabilities that a purely defensive review would miss.