Jay Bavisi, President and Co-founder of the EC Council says, “We need Ethical Hackers more today than ever before”.
The rise of IT Security and ethical hackers is due to technology advances and the growing number of threats in the computer world. In the wake of September 11, terrorist attack, when ethical hacking as a concept was put forward by EC Council, it received mixed responses. “Ethical Hacking” is an oxymoron and both, people and media were not ready to accept this term. EC Council explained it as a bodyguard to the computer systems. An ethical hacker is someone who follows ethical principles to protect information and systems from the unethical hackers. Recently, many organizations have faced cyber-attacks leading to the growing need of having professional ethical hackers who can safeguard their networks.
Organizations under constant Cyber-Attack
Banks are major targets therefore they always remain under cyber-threats. “Defending against cyber-attacks account for a significant portion of the $25 billion banks worldwide spend annually on security technology” (Source). Besides banks, other organizations small, medium or large are constantly under cyber-attacks. ‘Adobe Systems last year, faced a data hack of 2.9 million customers’ (Source). Security thus has become a mainstream requirement in today’s world.
To stop a hacker, one needs to think like one and this is what ethical hacking is all about. Ethical hackers also perform security tasks like hackers; however it is to protect the computers and networks of an organization. They have the permission to hack organization’s network in order to perform tests that keep it safe from illegal hacking. Ethical hackers help in improving the security of systems in organizations.
Transition to Cloud Increases Demand of Ethical Hackers
The information world is moving towards Cloud where Virtualization and IT outsourcing are major trends. This transition has increased the level of threats and therefore the demand of ethical hackers. Since the advent of cloud computing, security has been a major concern. In order to avail the benefits of cloud and virtualization without harming the security, companies need to go for ethical hackers. The major challenge that today’s businesses face is the fast growing cyber world and the complexities of security requirements. The hacking tactics are evolving every day and only an expert professional can overcome this challenge. Ethical hackers are thus in high demand in today’s business world.
Why Hire Ethical Hackers?
- To build a computer system that prevents hackers’ access and safeguard system and information from malicious attack
- To manage adequate preventive measures in order to avoid security breaches
- To safeguard user or customer information available in business transactions and visits
- To test networks at regular intervals
- To create security awareness at all levels in a business
Hiring an Ethical Hacker
Companies like IBM employ teams of Ethical Hackers to keep their systems secure.
Costs of security testing vary based on businesses. Businesses with large user data base might need to pay hefty costs while others might pay lesser for information security. Tasks like checking of firewalls, servers, IP addresses do cost high but this investment is justified compared to the loss caused by cyber-attacks. To safeguard the systems, companies can either hire an ethical hacking firm or agency or hire ethical hackers. This decision is made based on various factors. Few businesses cannot afford to allow other agent to hack in systems from outside for security and therefore hire in-house ethical hackers. While others go for ethical hacking firms to protect their systems and network. In both the circumstances, ethical hackers need to sign a legal agreement with various terms and conditions with the host client.
Today, hiring ethical hackers is not a matter of choice but a necessity for businesses. EC Council governs the Certified Ethical Hacker program to qualify professional hackers. For all obvious reasons, CEH are in high demand in businesses across industries worldwide.
SCAMMERS ABUSE MULTILINGUAL DOMAIN NAMES
Cyber-criminals are abusing multilingual character sets to trick people into visiting phishing websites.
The non-English characters allow scammers to create “lookalike” sites with domain names almost indistinguishable from legitimate ones.
Farsight Security found scam sites posing as banks, loan advisers and children’s brands Lego and Haribo.
Smartphone users are at greater risk as small screens make lookalikes even harder to spot.
The Farsight Security report looked at more than 100 million domain names that use non-English character sets – introduced to make the net more familiar and usable for non-English speaking nations – and found about 27% of them had been created by scammers.
It also uncovered more than 8,000 separate characters that could be abused to confuse people.
Farsight founder Paul Vixie, who wrote much of the software underpinning the net’s domain names told the BBC: “Any lower case letter can be represented by as many as 40 different variations.”
And many internationalised versions added just a tiny fleck or mark that was not easy to see.
Eldar Tuvey, founder and head of security company Wandera, said it had also seen an upsurge in phishing domains using different ways of forming characters.
In particular, it had seen an almost doubling of the number of scam domains created using an encoding system called punycode over the past few months.
And phishing gangs were using messages sent via mobile apps to tempt people into clicking on the similar-looking links.
“They are targeting specific groups,” Mr Tuvey said.
And research had established people were three times more likely to fall for a phishing scam presented on their phone.
“To phish someone, you just have to fool them once,” Mr Tuvey said. “Tricking them into installing malware is much more work.”
STATE OF CYBERSECURITY 2018
LEARN ABOUT SEVERAL CLEAR CHALLENGES ENTERPRISES ARE FACING
For the fourth year in a row, ISACA has surveyed security leaders worldwide to determine their insights and experiences with key cybersecurity issues, ranging from workforce challenges and opportunities to the emerging threat landscape.
Part 1 of the report is now available and provides key insights into the current trends in the threat landscape. Among the findings:
- Overall results confirm that cybersecurity remains dynamic and turbulent as the field continues to mature
- Skill challenges remain but are better understood
- Gender disparity is present but can be mitigated
- It is predicted that budgets will increase at a higher rate than last year-64% of respondents indicate that their security budgets will expand
- Confidence in preparedness is increasing but organizational alignment is inconsistent
Download your FREE copy of the White Paper – State of Cybersecurity 2018, Part 1 to see how your experience compares to the findings.
GLOBAL RELEASE: SMART CITIES POSE NEW SECURITY CHALLENGES AND OPPORTUNITIES
chaumburg, IL, USA (29 May 2018) — As smart cities integrate connected technologies to operate more efficiently and improve the quality of city services, new vulnerabilities arise that require diligent governance of municipal technology. New ISACA research on smart cities reveals several key areas of consideration when it comes to the security of these cities and the critical infrastructure systems they depend upon.
Global survey respondents flag the energy sector to be the critical infrastructure system most susceptible to cyberattacks (71%), followed by communications (70%) and financial services (64%). Interestingly enough, energy and communications also are among the top three critical infrastructure sectors that respondents anticipate can benefit the most from smart cities, along with transportation.
The research shows that malware/ransomware and denial of service are the two most concerning types of smart infrastructure attacks. Additionally, respondents noted that cities’ smart infrastructure is most likely to be targeted by nation-states (67%) and hacktivists (63%).
Despite the many threats for which cities are specifically vulnerable, only 15% of respondents consider cities to be most equipped to contend with smart infrastructure cyber attacks, compared to 55% who think the national government would be better suited to deal with the threats.
“Before our cities can be identified as being ‘smart,’ we must first and foremost transfer this smart attitude to the way we approach and govern the rollout of new technology and systems,” said Robert E Stroud, CGEIT, CRISC, past ISACA board chair and chief product officer at XebiaLabs. “Our urban centers have many potentially attractive targets for those with ill intent, so it is critical that cities make the needed investments in well-trained security professionals and in modernizing their information and technology infrastructure.”
The majority of respondents consider implementing new tools and techniques such as smart grids and artificial intelligence for cybersecurity to be important, but less than half of respondents consider those likely to be implemented in the next five years.
The need for more effective communication with residents living in a developing smart city also is apparent, as 3 in 4 respondents indicate that municipal governments have not educated residents well about the benefits of living in smart cities. Tapping into smart technology to modernize parking, ID systems and other city services can create efficiencies and lessen congestion.
ISACA’s research polled around 2,000 global respondents in February and March 2018. More information on the research and related resources can be found at www.isaca.org/smart-cities-survey.