Pen Testing As a Growing Industry for Good Hackers

We often hear it. A Bank X was hacked. Social Media Site Z became a victim of a data breach. Celebrity Y was hacked, and we knew who she had an affair with. But in reality, it is not a simple issue to dissect, let alone understand the motivation that people causing these troublesome activities. Hacking does not mean typing magical words or chanting incantations. Keyboard with one hand, a mouse with another hand. It is not like using two keyboards at a time. Hacking is difficult to learn and produce. It takes careful planning and its appropriate time. Blocking bad hackers is even more difficult. However, some people take time to do it.

Cyber attacks are considered as a brother to terrorism, and also a global threat that does not spare anyone. It has a negative effect on the national economy, due to lower confidence of investors towards a company that was hacked. “We foresee an ongoing series of low-to-moderate level cyber attacks from a range of sources over time, which will impose cumulative costs on U.S. economic competitiveness and national security. We saw an increase in the scale and scope of reporting on malevolent cyber activity that can be measured by the amount of corporate data stolen or deleted, personally identifiable information compromised, or remediation costs incurred by U.S. victims,” explained Daniel Coats, U.S. Director of National Intelligence.

A hacker is a person entering a computer system and/or network who is not authorized. Once a hacker enters, they can access information that they should not see. We often hear that Website A and Website B were hacked, but the content to talk about here is different. If Website A account is hacked, it is usually because a password was known. Still, it’s tough but it’s not the same level as entering the company’s infrastructure and steal billions of passwords. Fortunately, it can not be done with a lot of labor. There are several options after a hacker breaks in: collect information, carm the computer system or even to report security risks to the company without doing anything. These are the main differences between hackers.

Black hat is basically a bad guy. They break into the system and obtain information and cause damage. Such activity is illegal in most territories (not all countries have anti-cybercrime laws). There is also a hacker called White Hat hackers. They are ‘hackers for hire’, they work to deliberately invade the corporate system and also hire people and try to break into another system. But it is not to add harm but to check and fix the vulnerability.

Black hat and white hat have identical tools at their disposal, their techniques also resemble one another. Even in the White Hat to check the vulnerability of the system, something that Black Hat hackers always does. It is the feeling of Harry Potter fights against Dark Arts. In order to protect the organizations and end-users from Black Hat’s activities, the White Hats must also know about the dark side.

There is a new business model that many White hat hacker use, in order to monetize their skills, as well as help organizations for establishing a credible cybersecurity defense, it is called penetration testing. It is abbreviated as pen test. Designed to find the best way to gather information and break into the system. Another activity that helps White hat hackers gain fame and earn money today is by joining Pwn2Own and Defcon contests. Basically the ‘olympics of hackers’, participants display their skills to hack a particular system, computer, OS or software using they’re the exploits that they have not yet revealed publicly. It is a huge opportunity for white hats to earn millions while helping the developers in discovering the vulnerabilities of their software.

White hat hacking culture and its growth are the primary drivers in helping companies and communities lessen the impact of black hat hackers. To a point that white hat hackers can organize themselves into companies as well offering pen test services to large corporations. The growth of this new industry is a success for everyone, since the lesser the attack surface, the corporate world will experience less successful cyber attacks.