
Securing Against Cyber Crime Through Ethical Hacking

Encription : 27 October, 2010  (Technical Article)
UK-based Encription explains how penetration testing can help UK organisations avoid becoming the victims of cyber-crime.
The UK faces a real and credible cyber threat which not only affects our infrastructure, but business as well, and it's a threat that is growing. That is the harsh reality as reported by GCHQ director Iain Lobban, speaking at a recent conference on security.

'Cyberspace is contested every day, every hour, every minute, every second. I can vouch for that from the displays in our own operations centre of minute-by-minute cyber attempts to penetrate systems around the world,' Iain said.

These threats can come from various sources: organised criminal gangs, internal employees and individual malicious hackers, both here in the UK and overseas, and they can do untold damage to businesses. But there may be a way in which organisations can try to protect themselves, their IT, the information they hold and ultimately their ongoing existence. One way of achieving this is by employing the skills of an ethical hacker.

Unfortunately, says Tony McDowell, Managing Director of Encription IT Security Services Limited, "It's likely that around 95 per cent of the population are unaware that ethical hackers exist or understand what they do."

So what is an ethical hacker?

Tony, whose company employs a team of ethical hackers and IT forensics experts to ensure the ongoing IT security of organisations across the UK, including central and local government, banks, charities, accountants, building societies and businesses, is well placed to explain. "An ethical hacker (also known as a penetration tester, White Hat Hacker and many other names) is a trusted individual who is not only an expert in IT, but is also a security and forensics expert and has received security clearance through GCHQ," he said. "They will have been formally examined and approved by various official bodies including the University of Glamorgan, a recognised centre of excellence for IT Security and forensics, to carry out penetration testing, which involves using exactly the same tools and methodologies as the hackers and criminal gangs. The difference is that the ethical hacker attempts to access your IT system with your permission and knowledge and for your benefit.

"The ethical hacker, with no previous knowledge of your IT or your organisation whatsoever, will attempt to hack your systems from a remote location, just as a malicious hacker would. They aim to discover any weaknesses in the system that a malicious hacker could take advantage of, for example by getting goods to a checkout on an E-commerce web site, changing the price to zero and having them delivered.

"Once an ethical hacker has highlighted all of the vulnerabilities on your system, they will tell you in plain English what the issues and threats are, and inform your IT department and/or web developer exactly what they need to do to fix the problem."

Surveys suggest that over 80 per cent of all websites are vulnerable and that the majority of IT fraud is committed by employees, so it can be useful for an ethical hacker to also emulate an attack from the inside, just like an employee, and once again tell you where the weaknesses and threats are and how to secure them.

Another survey has found that 90 per cent of all IT fraud and computer misuse is never reported. This may be due to embarrassment, lack of evidence or not knowing who to report it to - the Police have limited resources. Once again, there is a little known service available to help and that is Digital Forensics. In a recent case of suspected fraud within an organisation, the HR department had used the laptop on which the suspected fraud had occurred, thus invalidating the 'chain of evidence'. Using a Digital Forensic company as soon as you suspect something means that the evidence can be gathered, analysed and protected correctly, and will ensure that it is admissible in a Court of Law or at a Tribunal.

Once again, Digital Forensics experts should have been examined and approved by an authorised examining body, and they will usually be penetration testers as well.

So yes, the threat is real and it is increasing, but there is help at hand. And remember: prevention is always better, and far less costly, than a cure.

IT security is a growing issue for organisations storing and using confidential information on their computer systems, particularly where this data can be accessed and used by criminals to carry out fraudulent activities.