Managing Partner, Packetlabs
Ethical hackers play the role of nefarious cyber attackers to help businesses plug dangerous holes, preventing would-be data breaches.
Whether you’re responsible for a small startup or a multi-billion-dollar corporation, cybersecurity should be a concern for every Canadian business. And to prepare proper defenses, it pays dividends to hire an ethical hacker.
In 2020, 70% of Canadian businesses reported a cybersecurity incident originating from outside the organization.
Businesses that employ ethical hackers do so to discover and address vulnerabilities in their systems, improving security and avoiding a costly data breach. Financial, critical-services, and technology firms have hired them in greater numbers because they have seen the most attacks, particularly ransomware, though a business in any sector could be a target.
“The user’s always the weakest link, so that’s generally where most campaigns start,” says Richard Rogerson, Managing Partner at Packetlabs, a Mississauga, ON-based ethical hacking firm. “A percentage of attacks try to expose gaps in software patching, insecure configurations, or other challenges within IT security.”
It’s often the end users in an organization that inadvertently open the proverbial door. Attacks frequently come in the same guises they do for home users, like phishing emails or logins through fake web applications. Some also look very legitimate, like recent phishing campaigns spoofing the Canadian government in relation to the COVID-19 pandemic and Canada Emergency Response Benefit (CERB) information.
“When someone breaks into a network in order to obtain administrative access, that’s where it gets more devastating, because they often obtain access to large datasets,” says Rogerson. “To get the data back, they may want a ransom paid, and what’s fuelling the fire is that insurance companies are paying them out because it’s cheaper to pay the ransom than to suffer the downtime while recovering from a backup.”
Ethical hackers conduct “penetration tests” to look for vulnerabilities in systems, websites, and mobile apps and then outline how to fix them. Internal penetration tests cover devices and assets inside the workplace network, whereas external tests cover what cyber attackers can see from the internet: anything exposed publicly, such as web applications or email servers. Mobile devices like smartphones and tablets present a separate set of potential challenges.
Casting a wider protective net
With the COVID-19 pandemic forcing more employees and contractors to work from home, an organization has to consider how its IT security remains intact when workers aren’t in the office.
“In those situations, they would open up a VPN connection just to allow connectivity into those environments, but it also increases risk at the same time because you now have something that wasn’t accessible externally before,” says Denis Kucinic, Manager of Security Consulting at Packetlabs. “I know of banks who will prevent a computer from being online unless it’s connected to the bank’s VPN first, so you can’t otherwise browse the internet and compromise the system.”
Kucinic adds that it is important to educate clients on successful cybersecurity attacks, so staff know how to respond appropriately while not in the office. Preparedness exercises like “cyber fire drills” could also help keep employees actively aware.
“A lot of remote workers are now working longer hours, but they may be not as attentive to detail,” says Rogerson. “Adequate training reinforces awareness, and a penetration test method looks for weaknesses to help build a plan to improve.”