With the global cost of cybercrime expected to surpass $2 trillion by the end of 2019, it’s no surprise that organizations have sought out unconventional cybersecurity strategies. For years, businesses have encouraged — and even hired on — hackers to unearth their digital vulnerabilities.
To be clear, these hackers aren’t bad guys turned good. Ethical, or white hat, hackers use their computer security expertise to hack into organizations’ digital infrastructure and identify cybersecurity weaknesses, rather than exploit them. The profession isn’t necessarily new, but the ethics surrounding it have begun to evolve.
That is not to say that all ethical hackers are easily swayed, but the promise of a hefty payout or even “hacktivist” glory can be attractive. With that in mind, and with sensitive data on the line, businesses must reassess their ethical hacking practices. Before engaging outside ethical hackers or bringing one onto your team, consider how best to ensure the practice isn’t endangering your organization’s data.
How to hire an ethical hacker
Companies have offered bug bounties to outside hackers for years, but it’s different to invite a white hat into the office — and behind your security perimeter. When hiring an ethical hacker, organizations should reinforce all of the precautions usually taken during onboarding to ensure that both their own data and their customers’ data are protected.
Remember that ethical hacking is an increasingly accepted and legitimate profession, so be careful not to treat an ethical hacker like a former (or current) criminal. The techniques they use are the same ones attackers use, but that doesn’t warrant a set of guidelines separate from their coworkers’. Doing so makes an already solitary role even more isolating and could make them feel they are doing something wrong when they are actually helping your business.
Just as you would for any employee who handles or has access to sensitive company data, make it clear in the ethical hacker’s contract that legal action or other serious consequences are possible should they misuse company data and information. The same contract should also spell out what the hacker is authorized to test, since written authorization and scope are what separate an engagement from an intrusion. Thoroughly check their references and obtain a comprehensive history of their career to cover your bases.
It’s also critical that other employees do not perceive their new coworker as dangerous or untrustworthy because of the nature of their work. Encourage trust and familiarity with team-building exercises throughout the company and education initiatives that help everyone understand the projects the ethical hacker is working on. When there is visibility into what the ethical hacker actually does, the employee feels supported and accepted — and leadership has extra reassurance that the hacking remains ethical.
Approach outside ethical hackers with a set protocol
While you’re rethinking your organization’s policies toward hiring ethical hackers, it’s worth considering how you deal with outside white hats too. Some organizations offer “bug bounties” to those who find previously unnoticed vulnerabilities in their digital infrastructure. It could be dangerous to ignore these independently operating hackers: over 70% of cyber attacks are financially motivated, so offering some form of compensation is a best practice. A set protocol here means a published disclosure policy that states what is in scope, how to report a finding, and how quickly you will respond, so a researcher who finds something knows that reporting it is both welcome and safe.
Organizations must be open to all security opportunities
In an environment where cyberattacks are only set to increase, being open to the latest cybersecurity strategies is essential to protecting the digital infrastructure of your organization. While there are some risks that come with ethical hacking, having someone who thinks like and is equipped with the same skills as the bad guys might be the best way to keep your information safe from them.