Hacking isn’t what it used to be.
Many people associate hacking with an awkward teen, sitting in his room attempting to break into a government website just to see if he can. If your perception of hacking is a bit more sophisticated, you might imagine a black hat hacker distributing malicious code, or even a cyber terrorist, motivated by political or religious beliefs.
What you likely don’t envision are ethical hackers – the white hat hackers who are now routinely being hired by large companies to help protect them against potential threats, bugs or attacks.
Turns out, hacking is now big business. Increasingly, companies are willing to pay big bucks to hire computer security specialists to test and monitor systems and networks.
These “security specialists” may not always be the most savoury of characters: KPMG has reported that just over half of UK-based companies would resort to hiring someone with a criminal record in order to stay ahead of cybercriminals. This is a testament to the very real threat these companies perceive when it comes to hacking.
How serious is the hacking problem?
Recent research from WhiteHat Security reveals some pretty terrifying statistics about how vulnerable the average website is, and what businesses actually need to be concerned about. In an analysis of 30,000 websites, WhiteHat Security found that:
- 86% of all websites had at least one vulnerability.
- It takes an average of 163 days to repair a vulnerability from the day it’s originally reported.
- Retail sites may be at the highest risk, with 55% falling into the category of “always vulnerable,” meaning they are vulnerable every single day of the year.
Add to this alarming stat the fact that an estimated 30,000 websites are hacked each day, and it’s no wonder businesses are willing to pay top dollar to beef up their security.
But it’s not only private companies who are recognizing the risk posed by hackers. A 2015 worldwide threat assessment released by the US Senate Armed Services Committee mentions cyber threats even before organized crime or weapons of mass destruction. The report underlines the ongoing threat posed by hackers, and notes that “the cyber threat cannot be eliminated; rather, cyber risk must be managed.”
If even the government can’t eliminate the risk of cyber attack, the prospects of safety for private companies are even more grim. Some experts are predicting that cybercrime will cost businesses over $2 trillion by 2019, making it clear that businesses will need to find better ways to manage this risk.
Bug bounty programs crop up to attract hackers
Companies like Google are getting creative when it comes to dealing with would-be hackers. Instead of making threats or taking legal action against those who infiltrate their systems, they are looking at these situations as opportunities to strengthen their security.
In an interview with CNBC, Google Apps’ Director of Security, Eran Feigenbaum, stressed the significant benefits of working alongside hackers: “You get a whole new set of eyes. Even with 450 security professionals looking and working on a regular basis to make sure our software’s secure, by working with the security community you get a whole extra bench, thinking of things that you may not have thought of.”
This type of protection doesn’t come cheap. Besides hiring an entire team of white hat hackers, last year Google allotted $1.5 million in their budget to award to those hackers who could find previously-undetected vulnerabilities.
Google isn’t the only company implementing these so-called “bug bounty” programs. Companies like Facebook, Samsung and AT&T all offer cash rewards to those hackers who detect and report vulnerabilities. Other companies opt out of awarding cash prizes, instead attempting to lure in small-timers with the promise of company swag or induction into a “hall of fame.”
Other companies have emerged as well, touting themselves as “exploit acquisition platforms.” Security firm Zerodium, for example, allotted $3 million last year (in the form of three $1 million rewards) for anyone able to detect iOS 9 exploits or jailbreaks. And HackerOne, a “vulnerability coordination and bug bounty platform,” recently announced on Twitter that they have awarded $6 million to almost 2,300 hackers.
As one Twitter commenter remarked, “Glad to see that bug bountying is now a viable career option for some people.”
Want to become a hacker? There’s a class for that
Worried you’ve missed the boat when it comes to a career in hacking? Don’t worry…it’s not too late.
There are a few ways would-be hackers can become legitimate white hat hackers or “penetration testers,” as they’re sometimes called.
As in many fields, a college degree and related experience in IT will probably be required. But that’s just the start. Official certification in hacking – as unlikely as that sounds – is usually a requirement for anyone looking to get their foot in the door.
Perhaps the most well-known certification is the one offered by the EC-Council, a company which provides a variety of IT security courses. Their 5-day certification in ethical hacking prepares IT professionals to become expert hackers, teaching everything from the ethics of hacking to types of attacks, performing vulnerability assessments, and more. Upon completion of the course, candidates can then take the Licensed Penetration Tester exam to demonstrate mastery in their field.
According to Eric Geier of PC World, the annual salary for an ethical hacker starts at around $50,000, going up to as high as $120,000 or more for consulting. With the average salary for IT professionals in the U.S. running somewhere around $80,000/year, it seems ethical hacking may actually be a financially feasible career choice.
Hackers pose a very real threat to businesses and governments. But, when this specialized knowledge and skill-set can be harnessed and used to identify vulnerabilities, everyone wins.
Businesses should continue to employ security software, while realizing this only protects against simple threats. Combining these systems with knowledgeable, experienced people – even, or especially, hackers – will provide the best protection overall.