The Role of Ethical Hacking in Cyber Security
Hacking is the practice of seeking, identifying, and capitalising on inherent weaknesses within a computer’s operating system. It is a tactic used by cyber criminals to exploit vulnerabilities, extract data, and/or embed malicious code, malware, or viruses. When pursued for personal or organisational gain, hacking is a crime punishable by fines, prison sentences and an incontrovertible mark on an individual’s professional and legal record.
Many companies and agencies have found value in the talent and resourcefulness of hackers. Ethical hacking uses the same skills, traits, and techniques as criminal pursuits—but to entirely different effects. By masquerading as an intruder, ethical hackers can determine the compromised and unguarded components of a system to strengthen rather than degrade it. Ethical hackers use the same tools as their criminal counterparts, but for an entirely different purpose.
Hiring Hackers
Cybercrime is one of the most prevalent and growing concerns for individuals, companies, government agencies, and universities in 2024. Over the course of the pandemic, cybercrime increased by 600 percent around the world, with more than $4.1 billion in losses in 2020 alone. The stakes are growing increasingly high—some experts predict that overall losses could run up to $10.5 trillion by 2025. There is a greater cost than money—health and personal safety are also at risk.
One ethical hacker demonstrated inherent weaknesses in pacemakers and insulin pumps that could be exploited to widespread harm, leading to critical changes to code to ensure they could no longer be compromised.
Others have shown the myriad weaknesses in smartphones and the Internet of Things (connected devices that communicate via a home-based or external system). Security systems for webcams and personal computers have been strengthened following breaches carried out through well-meaning, purposeful hacking.
Ethical hackers—also known as “white hats”, in contrast to criminal hackers known as “black hats”—work with the permission of the company or organisation that owns and operates the software or systems being assessed. They are cyber-security experts who jump over the fence of legality for brief moments to mimic the actions of individuals working for their own gain.
The Power of Penetration Testing
Penetration testing (or pen testing) is one of the most common examples of an ethical hacker’s work. Hackers with little or no prior knowledge of an operating system are hired to launch a simulated attack, beginning with reconnaissance that helps them shape a broad set of tools designed specifically to compromise the safeguards and security measures in place.
The pen test can include the injection of code that allows the hacker unfettered access to private data, governing systems, or communication systems that may be used to send phishing emails. The last stage of a pen test is covering tracks to ensure the hacker’s footprints remain undetected.
White Hats to the Rescue
Pen tests and other ethical hacking jobs are increasingly becoming a crucial element of resilient and defensible security systems. Without white hats, it is difficult to determine if a system has loopholes or unintended pathways available to unwanted intruders.
Inviting and collaborating with talented hackers can be a huge asset to the security and overall strength of an operating system.
About the Author
Dean Stancevski is a Senior IT Consultant and the founder of DS Technology Consulting Services, offering on-site and remote technical IT services to private and public organisations. A creative problem solver, Dean specialises in helping small- and medium-sized organisations grow by providing customised services to streamline IT systems and operations.