Security tactics and tips from an ethical hacker
We are living in a time of cyberattacks and data breaches, with no business able to escape the consequences of failing to protect themselves.
Orange Cyberdefense’s Security Navigator 2023 report revealed that incidents have gone up 5% since 2022, with malware forming a total of 40% of the incident types.
On average, it takes a business 215 days to patch a vulnerability – something that could be heavily sped up with the right resources. Businesses must deploy new solutions to improve their security posture and devise more effective methods for keeping their data and infrastructure under lock and key.
Ethical hacking can be a valuable tool to achieve this, as it goes beyond the standard digital defences and adds a human touch to proactive risk prevention.
An ethical hacker, also known as a penetration tester, poses as a threat actor to infiltrate a company’s digital estate – in other words, we conduct authorised cyberattacks.
We aim to hack into an organisation to identify software vulnerabilities and other weak points before the real bad guys do.
We provide a report of our findings and advise how businesses can adjust their security posture as a result. Ethical hackers form an important aspect of cybersecurity as we evaluate all aspects of a business, from network infrastructure, cloud, and applications to mobile endpoints, web apps, and anything else that could open valuable information up to malicious actors.
As an ethical hacker, I am passionate about helping individuals and businesses stay safe in cyberspace.
According to our Cy-Xplorer 2023 report, cyber extortion activity reached the highest volume ever recorded in Q1 2023 after a decline of 8% in 2022.
Therefore, there is an urgent need for businesses to devise novel solutions to adequately protect their data. Unfortunately, traditional cybersecurity methods do not provide complete security – there will always be a flaw in the system, so the real question is: will the hacker get there first?
Ethical hacking enables a company to self-reflect and educate itself on its vulnerabilities and how to protect against the strategies used by hackers – it is a very efficient way of detecting flaws in its security posture before cybercriminals can exploit them.
Traditional security tools often provide a blanket approach to security, risking the investment of time and money while still leaving gaps as businesses don’t know which vulnerabilities they need to defend against.
In comparison, investing in ethical hacking will show businesses exactly where their money needs to go to foster tight security.
The human layer
Ethical hackers are briefed on a case-by-case basis, depending on the business. It’s a flexible tactic and can either be used to find as many vulnerabilities as possible in a set amount of time, or to investigate a specific piece of infrastructure – depending on what the business needs.
When it comes to the tools and tactics used by ethical hackers, we pretty much do what a cybercriminal will do – we manipulate the human layer of protection to gain access and break computer systems.
We then use data to estimate the parts of their infrastructure that are vulnerable, and therefore more susceptible to cybercriminals’ tactics.
Even though there is a big digital aspect to an ethical hacker’s job, there is also a physical element that is just as crucial and is severely overlooked.
On a previous assignment, I was able to replicate a fake company office pass by copying one that was included in an Instagram post – an image of a dog wearing the pass of all things! My colleague and I gained access to the business’ office by showing our passes and telling them that we were employees of the company based at another location abroad.
We were kindly set up in one of their meeting rooms for the day, connected to the corporate WiFi network and, while my colleague requested an office tour to keep the receptionist occupied, I was able to access company data undetected by plugging a USB stick into an unattended computer.
So many people think of cybercriminals as virtual beings, but they exist in the physical realm too. You should never be too trusting of anyone you don’t know trying to gain access to your environment, and always be aware of people looking over your shoulder while you work.
This is a prime example of the type of awareness I try to raise about how a hacker could subvert the human layer of security and what they could gain. It goes so much further than learning not to click on a phishing email and emphasises how crucial it is that our jobs extend beyond screens and the digital realm.
Improving your security
There are a few things that businesses can do to avoid falling foul of an (ethical) hacker’s tactics. Most importantly, there needs to be more education and awareness around the different external and internal threats that businesses can be exposed to and more importantly, a deep understanding that a hacker is not only limited to their screen.
I hope I’ve opened your eyes to the full breadth of an ethical hacker’s work. While employing firewalls and digital defences is a vital part of a business’ cybersecurity strategy, you don’t know what you don’t know. Therefore, ethical hackers can be a crucial tool to uncover the vulnerabilities you didn’t know you had and gain advice on how to fix them.
To read more stories on cyber security click here
Subscribe to our Editor's weekly newsletter