Over the past decade, as a result of digital transformation, the cybersecurity landscape has rapidly evolved, with new, more sophisticated cyber threats emerging all the time.
Hackers have become increasingly ingenious and innovative in their approach to scamming both individuals and organisations. The arsenal of tools now readily and cheaply available to would-be hackers has made it easier than ever before for people with limited digital skills to launch devastating cyber attacks at the click of a button.
A string of high-profile breaches has shifted the issue of cyber resilience from being something dealt with solely by the IT department to a hot topic in the boardroom. The introduction of more stringent cyber laws reflects the growing importance of the issue and the duty of care organisations owe to their customers.
In response to this increasing threat, a new breed of hacker has emerged – the white hat hacker, also known as the ethical hacker. Although relatively new to the cyber ecosystem in the grand scheme of things, they are rapidly becoming an important part in the line of digital defence against malicious hackers.
Unlike black hat hackers, they use their digital expertise to help organisations better fortify their defences against attack. They do this by testing a company’s digital infrastructure for vulnerabilities and checking whether they can bypass its defences to gain access to its systems. This form of legal hacking helps to identify and patch flaws before black hat hackers become aware of them and exploit them.
However, there are still many people who only associate the term hacker with criminals or people out to cause mischief, according to Gerry Grant, chief security officer at Converged Communication Solutions. “We are starting to see much more acceptance of the need to test our networks and applications, and this can only be done with the good guys looking to see what vulnerabilities exist in them,” Grant says.
“Organisations seem to much prefer the term ‘penetration tester’ more than white hat or ethical hacker due to the negative connotations that they have about that word, but the types of things that they do are really similar.”
The number of ethical hackers has increased exponentially over the past few years, which has led to the founding of a swathe of startups like HackerOne, Bugcrowd and Synack. These firms help match ethical hackers with organisations offering bug bounty programmes. A number of Scottish universities are even now offering degrees in cyber security, and Abertay University was the first university in the world to offer a degree in ethical hacking.
Companies like Google, Microsoft, Apple, Uber and PayPal have already recognised the value of ethical hackers, and offer some of the most competitive bug bounty programmes in the world, with awards as high as $1.5 million for critical issues.
“There are ethical hackers who are making decent money participating in these schemes and the companies benefit from the experience of lots of people testing their systems,” Grant explains. Since Uber started its bug bounty programme it has paid out in excess of $2 million to more than 600 researchers around the world.
Over the last few years, a number of ethical hackers have grabbed headlines by becoming self-made millionaires through bug bounties. In September 2019, HackerOne announced five security experts had become self-made millionaires through ethical hacking, including Mark Litchfield – the first Brit to publicly hit this milestone.
As companies hold and process ever increasing amounts of both internal and customer data, the need for ethical hackers will also rise. “I firmly believe that companies have a moral and ethical responsibility to ensure that this data is as secure as possible,” Grant says. “The best way to test that it is secure is by using an ethical hacker.”
Last year, the UK and EU launched a new initiative, ‘Hack_Right’, to reform teenage cyber criminals into ethical hackers, both to help meet the demand for digital talent and to help them get into lucrative careers.
The pilot scheme has targeted hundreds of young teen hackers between 12 and 23 years of age to educate them about the consequences of illegal cyber activity, but also about the possible career paths their talents could take them on if they chose to become an ethical hacker.
Those eligible for the scheme must be first-time offenders who are willing to change their behaviour. When police identify a teen suspected of conducting illegal activities, rather than threaten them with criminal action they will instead approach them to see if they will confess.
If they admit their wrongdoing, the teen will be made to undergo up to 20 hours of ethical computer training. Upon completion of the scheme, the teens will be rewarded by being connected to cybersecurity professionals who can discuss with them potential career paths.
With demand for ethical hackers outstripping supply about threefold, schemes such as these could be essential in helping businesses bolster their cyber defences in the years to come.