Hacking isn’t what it used to be.
Many people associate hacking with a teen in his room attempting to break into a government website just because. If your perception of hacking is a bit more sophisticated, you might imagine a black hat hacker distributing malicious code. Maybe you imagined a cyber terrorist, motivated by political or religious beliefs.
What you likely don’t envision are ethical hackers. Large companies are now hiring white hat hackers frequently. Companies hire them to help protect them against potential threats, bugs or attacks.
Turns out, hacking is now big business. Increasingly, companies are willing to pay big bucks to hire computer security specialists to test and monitor systems and networks.
These “security specialists” may not always be the most savoury of characters: KPMG has reported that just over half of UK-based companies would resort to hiring someone with a criminal record in order to stay ahead of cybercriminals. This is a testament to the very real threat these companies perceive when it comes to hacking.
How serious is the hacking problem?
Recent research from WhiteHat Security reveals some pretty terrifying statistics about how vulnerable the average website is, and what site owners actually need to be concerned about. In their analysis of 30,000 websites, they found that:
- 86% of all websites had at least one vulnerability.
- Retail sites may be at the highest risk, with 55% falling into the category of “always vulnerable”, meaning they are vulnerable every single day of the year.
- 163 days is the typical amount of time it takes to fix a vulnerability from the day it’s reported.
Add this alarming stat to the fact that an estimated 30,000 websites are hacked each day, and it’s no wonder businesses are willing to pay top-dollar to beef up their security.
But it’s not only private companies who are recognizing the risk posed by hackers. A 2015 worldwide threat assessment released by the US Senate Armed Services Committee mentions cyber threats even before organized crime or weapons of mass destruction. The report underlines the ongoing threat posed by hackers. It notes that “the cyber threat cannot be eliminated; rather, cyber risk must be managed.”
If even the government can’t eliminate the risk of cyber attack, the prospects of safety for private companies are even grimmer. Some experts are predicting that cybercrime will cost businesses over $2 trillion by 2019, making it clear that businesses will need to find better ways to manage this risk.
Bug bounty programs crop up to attract hackers
Companies like Google are getting creative when it comes to dealing with would-be hackers. Instead of making threats or taking legal action, they see these situations as opportunities to strengthen their security.
In an interview with CNBC, Google Apps’ Director of Security, Eran Feigenbaum, stressed the significant benefits of working alongside hackers: “You get a whole new set of eyes. Even with 450 security professionals looking and working on a regular basis to make sure our software’s secure, by working with the security community you get a whole extra bench, thinking of things that you may not have thought of.”
This type of protection doesn’t come cheap. Besides hiring an entire team of white hat hackers, last year Google allotted $1.5 million in their budget to award to those hackers who could find previously-undetected vulnerabilities.
Google isn’t the only company implementing these so-called “bug bounty” programs. Companies like Facebook, Samsung and AT&T all offer cash rewards to those hackers who detect and report vulnerabilities. Other companies opt out of awarding cash prizes, instead attempting to lure in small-timers with the promise of company swag or induction into a “hall of fame.”
Other companies have emerged as well, touting themselves as “exploit acquisition platforms.” Security firm Zerodium, for example, allotted $3 million last year (in the form of three $1 million rewards) for anyone able to detect iOS 9 exploits or jailbreaks. And HackerOne, a “vulnerability coordination and bug bounty platform,” recently announced on Twitter that they have awarded $6 million to almost 2,300 hackers.
As one Twitter commenter remarked, “Glad to see that bug bountying is now a viable career option for some people.”
Want to become a hacker? There’s a class for that
Worried you’ve missed the boat when it comes to a career in hacking? Don’t worry…it’s not too late.
There are a few ways would-be hackers can become legitimate white hat hackers.
IT requires a degree and experience, like everything else. But that’s just the start. Official certification in hacking is usually a requirement for anyone to get their foot in the door.
Perhaps the most well-known certification is the one offered by the EC-Council, a company which provides a variety of IT security courses. Their 5-day certification in ethical hacking prepares IT professionals to become expert hackers, teaching everything from the ethics of hacking and types of attacks to performing vulnerability assessments, and more. Upon completion of the course, candidates can then take the Licensed Penetration Tester exam to demonstrate mastery in their field.
According to Eric Geier of PC World, the annual salary for an ethical hacker starts at around $50,000, going up to as high as $120,000 or more for consulting. With the average salary for IT professionals in the U.S. running somewhere around $80,000/year, it seems ethical hacking may actually be a financially feasible career choice.
Hackers pose a very real threat to businesses and governments. Harnessing this knowledge can help. Finding vulnerable spots means everyone wins.
Businesses should continue to employ security software, while realizing this only protects against simple threats. Combining these systems with knowledgeable, experienced people – even, or especially, hackers – will provide the best protection overall.