When it comes to addressing the threat of cyber attack, companies are starting to borrow from the playbook of their would-be enemies by hacking their own systems before others get the chance.
The practice is called "ethical hacking" and it's an approach that recently gained worldwide attention when it was revealed that Edward Snowden, the American exile who is now hiding out in Russia after disclosing details about U.S. spy operations, received an official certification in ethical hacking while working as a contractor for the National Security Agency.
The reason for the interest in ethical hacking is clear: security concerns are on the rise — both in the public and private sector. To lessen the risk, companies are investing heavily in security services. A 2010 Gartner survey predicted that spending on worldwide security services would reach $49.1 billion by 2015, a 40 percent increase from 2011.
The Case for Self-Inflicting Wounds
While many companies wait until there is a security breach to fix the system, one way to proactively manage a cyber hack is to simply hack your own system before others do. Ethical hackers — the undercover cops of the IT world — are important investments for companies, especially government agencies, financial institutions or others that deal with highly sensitive information. Third-party companies employ these certified hackers to identify holes in a company's IT infrastructure.
Here is how Cornerstone uses ethical hackers to stay on top of digital security threats and assure our customers that our system is impenetrable.
- We pay third-party professional hacking services to hack our system continuously for two weeks. This is called a penetration test and implements a combination of manual and automatic maneuvers.
- We have conducted these tests four times a year — timed with new product releases — since 2010.
- We publish results upon client request. This how we can prove the security of our system.
- We make sure all red flags that are identified are addressed immediately.
As the spread of cloud-based and other technologies opens up more opportunities for cyber criminals to strike, it is crucial that IT departments be proactive about plugging any holes before they spring a leak.