Testing the waters: The value of ethical hacking for business

Why bug bounty programs are on the rise


Navigating the challenges of cybersecurity can be daunting for even the most prepared organizations. As Jamie Woodruff, an ethical hacker, said in a presentation at Vibrant Digital Future: “Your infrastructure is only as strong as your weakest employee. From hacking and cracking to social engineering, every team member within your organization is a risk that needs to be managed.”

Paul Farrington, manager of EMEA solution architects at CA Veracode, says that, with the 2017 State of Software Security report showing that 77 percent of applications have at least one vulnerability on initial scan, it is not surprising that large organizations such as Google and Apple are setting up their own bug bounty programs, which pay or otherwise incentivize ethical hackers to find and report vulnerabilities in their software applications.

Ethical hackers or penetration testers, like Woodruff, can work with businesses to identify weaknesses and opportunities for improvement, run penetration tests, and generally help keep them and their data safe. With cybersecurity skills gaps and shortages continuing to affect the sector, bringing in external expertise to test systems makes sense.

Demand increases for penetration testers

ISACA’s State of Cyber Security 2017 report found that, while one-third of the respondents note that their enterprises receive more than 10 applicants for an open position, 64 percent of that one-third indicate that fewer than half of the applicants are qualified. The report went on to note that, even skilled resources, “once hired, require time and training before they are fully up to speed and performing their job at a competence level equivalent to others who are already in the enterprise.”

As the demand for these skills increases and companies look to hire penetration testers, the industry is working to improve the reputation of a field that has not always been regarded favourably. The term ethical hacker is itself problematic and can carry negative connotations, particularly given its history. Those who were once called white-hat hackers now prefer the term penetration tester, and certification and accreditation are becoming the norm.
