Ethical hackers are finally getting their rewards

For too long, the unsung heroes of cybersecurity have been undervalued

Hacking on keyboard

Was 'Phineas Fisher', the black hat hacker who brought Hacking Team to its knees, right when he described himself as an ethical hacker?

Fisher, not his real name, claimed that leaking documents and expropriating money from banks is ethical hacking.

The dictionary definition of 'ethical' is quite clear that it pertains to right and wrong in conduct or being in accordance with the standards for proper conduct within a profession, while to 'hack' is to gain unauthorised access to data. 

Advertisement - Article continues below

So Fisher is half right. Where he's all wrong is in assuming that taking money from banks is proper conduct for an ethical hacker (whether it's morally wrong is a conversation for the pub).

An ethical hacker needs to adhere to certain rules of the game lest they become just another black hat on a mission. Whether that mission is to steal money, deface for political reasons or just 'for the lols' is irrelevant to be honest - black hat is as black hat does.

Fisher went on to make matters worse by suggesting that most ethical hackers are just working to "secure those who pay their high consulting fees" and these are the very people who "are often those most deserving to be hacked".

Advertisement
Advertisement - Article continues below

Most of the ethical hackers I know are driven by one thing, and that's a desire to secure stuff. Yes, the money comes in handy as they also have to live like the rest of us. 

Advertisement - Article continues below

What they do is find the weaknesses before the bad guys can, and they do so using many of the same methods. It's penetration testing Jim, but not as we know it. Yes, there's money to be made too, good money. And about time as well. For far too long the decent money in security has always been on the wrong side of the fence.

How many hackers do you know who are happy wearing a suit, sitting on a board? I can tell you I know very few, over my more than two decades in IT, who have climbed that particular greasy career pole. Nevertheless, the skills of the hacker are just as vital to the enterprise, the business, as the skills of the CISO. They're just undervalued, that's all.

This is why bounty programmes, like Uber's, and an understanding of what ethical hackers do, what they bring to the corporate security posture, are so important. The reward bar has been raised considerably over the last couple of years, and finally hackers who want to improve data security rather than destroy it are seeing a return on their skill investment.

Advertisement - Article continues below

All of this is not attracting black hats into the ethical realm, at least not as far as I can see, but it is preventing grey hats from dropping a few shades and entering the dark side. Surely we can all agree that this has to be a good thing?

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement

Recommended

Visit/security/ethical-hacking/356252/poorly-secured-banking-apps-lead-to-cyber-threats
ethical hacking

Mobile banking apps are exposing user data to attackers

26 Jun 2020
Visit/security/malware/356231/most-malware-came-through-https-connections-in-q1-2020
malware

Most malware came through HTTPS connections in Q1 2020

25 Jun 2020
Visit/security/phishing/356211/phishing-attacks-target-unsuspecting-wells-fargo-customers
phishing

Phishing attacks target unsuspecting Wells Fargo customers

24 Jun 2020
Visit/security/hacking/356210/trump-administration-wants-to-enhance-the-security-of-gov-sites
hacking

Trump administration wants to enhance the security of .gov sites

24 Jun 2020

Most Popular

Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/cloud/356260/the-road-to-recovery
Sponsored

The road to recovery

30 Jun 2020