Businesses should consider adopting ethical hacking strategies to develop and add to their existing security practices, Frost & Sullivan has advised.

The business research and consulting firm highlighted that because there is a considerable amount of change in how businesses operate, as they adopt new technologies, the breadth and depth of security risks increases.

These new technologies include virtualisation, the very popular cloud computing, IT outsourcing and BYOD (bring your own device), which though beneficial to many organisations, must also be matched with "beefing up" existing security policies.

"The increased sophistication and success rate for recent cyber attacks is directly related to the shift in attacker profile, indicating that nation-states and large criminal organisations are funding well organised, highly motivated, and well trained teams of programmers," stated Chris Rodriguez, an industry analyst at Frost & Sullivan.

"The elevated threat landscape therefore urgently dictates the need for a comprehensive, real-world assessment of an organisation's security posture. This assessment is a first vital step to enact effective security policies, procedures, and infrastructure that will prevent or mitigate the effects of a data breach."

According to the firm, which also offers market scrutiny, market research and reports, using ethical hackers is particularly advantageous to an organisation because it delivers an "objective analysis" of its security system.

In principal, the ethical hacker adopts the personal stance of a cyber criminal and approaches the system from a position of unfamiliarity. As such, the ethical hacker will deploy a number of approaches to test how resilient such a system is.

"The result of such an assessment is an actionable report with valuable remediation advice tailored to the customer's unique IT environment, capabilities and security objectives," expanded Mr Rodriguez.

He added that this, in turn, will assist organisations in prioritising their approach to data protection, help enhance existing security measures – firewalls and intrusion prevention systems – and facilitate identification of any gaps in knowledge, which would then require further training.

"Businesses still remain sceptical about the risk inherent with inviting a third-party to attempt to access sensitive systems and resources," observed Mr Rodriguez, appreciating the concern. "To reduce this fear, businesses should hire only ethical hacking companies that implement practices to ensure privacy and confidentiality."

Posted by Jane Newton

Get the latest industry news straight to your inbox, click here to sign up.

Recent News