Ethical hacking curbs cyber risks

By exposing vulnerabilities, ethical hacking allows businesses to predict cyber attacks before they occur, says Barclays Africa.

By Joanne Carew, ITWeb Cape-based contributor.
Johannesburg, 27 Aug 2013

Ethical hacking serves as a proactive defence against ever-increasing threats.

Hackers are becoming smarter and are now targeting all areas of the organisation, said Christiaan Roos, VP of information security audit at Barclays Africa, during his presentation at the South African chapter of the annual ISACA conference.

According to Roos, an ethical hacker will attack a security system on behalf of its owners, in an attempt to discover the vulnerabilities that a malicious hacker could exploit. "Ethical hacking is one of the best responses to IT risks," he said, noting that ethical hacking is a preventative security approach, in that it will guard the company against security threats before they occur.

Roos noted that ethical hacking assists an organisation in its ability to withstand hacks by highlighting obvious vulnerabilities and revealing the likelihood of both internal and external hacks. "Ethical hacking allows an organisation to see where there is room for improvement."

Roos acknowledged the issues related to implementing ethical hacking. Ethical hacking can very easily be used ineffectively. He added that for ethical hacks to be of any value to the business, they must be undertaken by IT experts, who can be hard to find.

"The success of an ethical hacking assignment depends largely on the skills level of the hacker," he noted. Roos also believes the pitfalls of ethical hacking strategies result from a lack of guidance on how to use this kind of hacking effectively.

Roos' assertions about ethical hacking are based on the results of his PhD research, which explored how South African financial institutions deal with cyber crimes and IT risks. His findings are based on insights provided by the company secretaries and CIOs of 16 locally registered banks in SA.

According to Roos, his research revealed a general lack of focus on IT within the banking sector. He also found that the individuals responsible for IT, as well as company board members, are not fully accepting their IT governance responsibilities.

"My research has shown that there is a very strong link between all kinds of business risks, IT risks and hacking," he concluded. "Hacking truly is pervasive across all areas of a business, and businesses need to be putting the right procedures in place to prevent attacks."
