Ethical Hackers Will Face Criminal Investigation if they Follow Obscurity

Ethical hacker

If an ethical hacker adheres to obscurity, they risk criminal prosecution.

Breach of security may harm a company’s operations, finances, and image. The latter: harm to their reputation, is perhaps what many businesses are most concerned about. This may help to explain why, according to a recent HackerOne poll, 65% of corporations desire to be perceived as infallible. In the meanwhile, 64% uphold a culture of security via secrecy, and 38% are completely opaque about their cybersecurity policies. The continual use of security through concealment is detrimental. A group opens the door for destructive attacks when it ignores its vulnerability and refuses to ask for assistance. However, being honest about your faults is not always simple. What does this mean for the ethical hacker then? They may be the subject of a criminal inquiry.

Who is an ethical hacker?

An ethical hacker, often known as a white hat hacker, is a professional in information security (infosec) who compromises a computer system, network, application, or another computing resource on behalf of its owners and with their authorization. Organizations ask ethical hackers to look for potential security flaws that malicious hackers could exploit. Finding security holes in target systems, networks, or system infrastructure is the aim of ethical hacking. It is essential to identify vulnerabilities and make an effort to exploit them to determine whether they might be utilized for malevolent or unauthorized access.

To identify possible attack vectors that endanger corporate and operational data, an ethical hacker has to have a high level of technical skill in infosec. Those hired as ethical hackers often exhibit practical skills acquired through accredited industry certifications, university programs, and hands-on expertise with security systems. Insecure system setups, known and undisclosed hardware or software vulnerabilities, and operational flaws in procedures or technological defenses are where ethical hackers typically identify security exposures. Distributed denial-of-service attacks, in which several hacked computer systems are redirected to attack a single target, which might include any resource on the computing network, are one example of a potential security danger from malevolent hacking.

Reality vs. Psychology

The truth is that an attacker might hack every company on earth. Executives in the business world are still humans. We struggle to accept our shortcomings. In the corporate context, this incapacity to recognize vulnerability may be pathogenic. Only 13% of respondents to the survey (outside of security and IT) reported having departments that prioritize cyber awareness and training. Furthermore, just 29% of boards participate “deeply” in cybersecurity planning. None of this addresses the problem of inadequate security. Executives in the business world must be aware of the risks. Collaboration via vulnerability reporting also helps others improve their security posture. But none of this happens if you don’t look under the hood.

Do ethical hackers provide a solution?

An approved attempt to acquire unauthorized access to a computer system, program, or data is considered ethical hacking. This may entail imitating the tactics and techniques used by malevolent attackers. Through the use of ethical hacking, the team may identify security flaws that can be fixed before a threat actor can use them against them. This first seems like a wonderful thing. However, many businesses are hesitant to collaborate with ethical hackers. Management may need these hackers to operate in secret, even if they are a part of an inside team. 67 percent of those polled stated they would rather tolerate software flaws than cooperate with hackers.

Where Resistance Originates?

Why do businesses fight against this kind of scrutiny? On the one hand, many people think that addressing security issues hinders innovation or negatively impacts business operations. 81 percent of developers at major businesses admit to deliberately delivering risky apps as a result of pressure to produce products more quickly. Are bug bounty programs therefore worthwhile? Depending on the specifics. It’s advantageous if the bounty hunters identify and fix a critical weakness. However, a business should consult legal counsel before developing a program. Nobody wants a shaky set of terms and conditions that may allow a paid offensive security tester to wander (accidentally or on intentionally) and attack forbidden systems.

Take Security Obscurity Off

Both ends of the risk equation—the danger of a security breach vs the risk of receiving aid from ethical hackers—must be accepted by any firm. According to HackerOne, the likelihood of a vulnerability being undetected is substantially higher.

These are a few of their recommendations:

  • Encouraging regulators to establish liability safeguards that encourage incident disclosure
  • Give explicit instructions on how to disclose flaws to outside security researchers
  • Reward and encourage developers for resolving problems and include them in security procedures and demand thorough supplier security checks.

Ignoring the issue is the worst thing a business can do. It also all begins at the top. The businesses with the best chances of preserving their reputations are those who implement comprehensive security strategies with executive support.

More Trending Stories 
Join our WhatsApp and Telegram Community to Get Regular Top Tech Updates
Whatsapp Icon Telegram Icon

Disclaimer: Any financial and crypto market information given on Analytics Insight are sponsored articles, written for informational purpose only and is not an investment advice. The readers are further advised that Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. Conduct your own research by contacting financial experts before making any investment decisions. The decision to read hereinafter is purely a matter of choice and shall be construed as an express undertaking/guarantee in favour of Analytics Insight of being absolved from any/ all potential legal action, or enforceable claims. We do not represent nor own any cryptocurrency, any complaints, abuse or concerns with regards to the information provided shall be immediately informed here.

Close