By Shameer Sabar.
As technology advances, and organisations incorporate more and more IT systems into their business in order to aid and facilitate their functions and processes, it becomes necessary for them to test the safety and security of these IT systems. Small and medium-sized enterprises also known as SMEs, are especially vulnerable to cyber attacks. According to the Cyber Security Breaches Survey of 2020, 68% of all medium size businesses in the United Kingdom found at least one cyber security breach or attack in the past 12 months. This is partly due to many SMEs not considering themselves targets and so many do not do enough to protect themselves, but even those aware of the risks usually do not have sufficient resources to defend themselves. This is not to say large businesses remain unaffected. The survey also highlighted that 75% of large businesses have also been affected.
Ethical hacking or penetration testing, allows organisations to seek out and correct vulnerabilities and flaws in the security and safety of their computer systems, networks and databases. While malicious hackers or black hat hackers penetrate databases and IT systems of an organisations with ill intent and personal gain, ethical hackers or white hat hackers are hired by the owner of the company and given permission to penetrate the network and computer systems using the same tools and knowledge of a criminal hacker but with the intention to determine vulnerabilities and weaknesses to the security of such systems and networks. Their work is conducted in a lawful and legal manner. by doing so, they can then recommend preventatives and corrective countermeasures to the organisation to prevent cyber attacks.
Ethical hackers use many methods of sourcing vulnerabilities. they use port scanning tools such as Nmap, Wireshark or Nessus to scan a company’s systems, analyse open ports, study the vulnerabilities of each port and take corrective measures. They also critically test patch installation processes to make sure no new vulnerabilities are introduced to take advantage of software updates and exploit them. Using the right tools, they also perform network traffic analysis and sniffing. Ethical hackers also rely on social engineering techniques to manipulate end users and find information about an organisation’s computing environment.
Like black hat hackers, ethical hackers look through activity on social media or GitHub, engage employees in phishing attacks through email or roam through premises with a clipboard to exploit vulnerabilities in physical security. However ethical hackers are given limitations restrictions to their social engineering techniques such as making physical threats to employees or other types of attempt to extort access or information in order to keep their hacking ethical and lawful.