Today the average ethical hacker's (or penetration tester's)
skillset is a lot more complex than "breaking into
networks". This is an evolution of, and a response to, the
changing security landscape. When I started, not once did I
think I would find myself pretending to be someone I'm not,
or using pin-hole cameras, Neuro-linguistic Programming (NLP) and
lock-picking as part of my skillset. I honestly
thought I was a computer guy!
The rapid pace of change in the way organisations do business has
produced new models, new services and new products that we
would not have imagined a decade ago. As a side effect, however,
this evolution has also changed the playing field for
criminal organisations: it has generated not only remarkable
new ways of doing business, communicating and going about our daily
lives, but also new opportunities for theft and
fraud.
In the present day, information has moved away from IT as much as
hacking has moved away from the classic portrayal of Matthew
Broderick as the teenage hacker in the movie "War Games"
or Angelina Jolie in "Hackers". Today hacking is a
multi-billion criminal industry, where you can buy botnets in
bundles of hundreds and thousands, and subversive click-to-hack
exploit kits that require no technical knowledge.
There is an established pattern of organised crime focusing
on the human element in order to reach the Holy Grail of
information, sometimes evading traditional IT defences
altogether by using social engineering techniques such as
phishing.
However, as cybercrime becomes more involved and sophisticated,
so does cyber security. It has become apparent that static,
defensive measures, whilst important, no longer provide sufficient
protection against these dynamic, targeted threats to an
organisation's physical assets or digital information; we need
to start engaging in what we could call a "cyber security
transformation". By taking advantage of emerging and
maturing techniques and technologies, along with specialised
skillsets, we as businesses can improve our security posture by
allowing for more proactive threat management and incident
response.
It may sound complicated, but we simply need to start thinking
along the lines of the three pillars of cyber security transformation:
- Awareness - Real-time threat intelligence, identifying existing vulnerabilities, and continuous monitoring and service improvement.
- Preparedness - Being able to anticipate, assess, plan and prepare for a cyber-attack.
- Response - Attacks will happen. How do we respond, contain and manage the impact?
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.