should

now browsing by tag

 
 

Should your business hire a hacker?

Source: National Cyber Security – Produced By Gregory Evans

Should your business hire a hacker?

Chris Pogue was given the Tech Express treatment by CBR’s Ellie Burns, with the Nuix CISO looking into the recruitment of hackers.

EB: Why would a company want to hire a hacker?

CP: It’s well-known across the board that there is a shortage in cyber security skills in the UK and abroad. It can be beneficial for organisations to turn to those who already have a depth of security knowledge to bridge the gap, and often it is the case that the people closest to these matters are former hackers. Whilst many may be put off by hiring someone labelled in a presumably derogatory manner, hackers have a tremendous wealth of experience which is invaluable to security teams. Ex-hackers or penetration testers have an understanding of the inner workings of a cyber criminal’s mind better than any trained security professional. According to the Nuix Black Report, many hackers and pentesters have indicated that the only difference between the work they perform, and those of a criminal is a statement of work; the tools, techniques, and methodologies are all the same.

They can provide insights into how organisations become compromised and can help protect against these methods. In warfare, General Sun Tzu said:

“IF YOU KNOW THE ENEMY AND KNOW YOURSELF, YOU NEED NOT FEAR THE RESULT OF A HUNDRED BATTLES. IF YOU KNOW YOURSELF BUT NOT THE ENEMY, FOR EVERY VICTORY GAINED YOU WILL ALSO SUFFER A DEFEAT. IF YOU KNOW NEITHER THE ENEMY NOR YOURSELF, YOU WILL SUCCUMB IN EVERY BATTLE.”
The quote holds as much meaning today as it did thousands of years ago. Hackers can provide that rare perspective into the mind of the enemy, as well as helping security teams understand that security is more than just a policy on a paper or an anti-virus programme.

EB: What skills do hackers have which would benefit the business?

CP: Former hackers are often people who have been studying and researching security controls and protocols from a very young age, and consequently have an unrivalled depth of technical knowledge and creativity. They also know the best tools and techniques that can be used to infiltrate organisations. According to the Nuix Black Report, which surveyed cyber attackers, 88% of hackers say they can compromise a target in under 12 hours. Most businesses won’t even realise they’ve been breached and realistically won’t be able to mount any sort of defence before it’s too late. These numbers highlight the need for a well-trained response team with a diverse range of skills, using cutting-edge technology and actively monitoring for threats, in conjunction with expert knowledge and field experience.

EB: What is the advantage of hiring hackers instead of training/reskilling staff?

CP: Former hackers have a unique insight into a world which is largely closed off to the corporate world. Someone who comes from that background has an understanding of criminal motivations that a business professional simply would not be able to emulate through training alone. Enterprises need people who can think differently and creatively, as the criminal world is currently much more agile than those defending. A former hacker can help defence teams stay ahead of the curve on potential threats by teaching them how to recognise attack patterns.

EB: How do you attract hackers for corporate roles?

CP: Attracting hackers to corporate roles is a huge challenge facing the industry, as many are tempted into a life of crime by monetary gain, and the idea of achieving status among their peers. One way we can challenge this is by offering engaging roles which allow creativity and freedom. We need to be engaging with hackers early and showing them a path to success working with organisations instead of against them. This is approach can be effective, but businesses should anticipate it to be expensive. Their skills are highly specialised, and highly sought after – so be ready to pay significantly more than you would pay for traditional IT staff.

EB: What would be your top tip for a business looking to hire a hacker?

CP: A recent study from the UK National Crime Agency found that young people are lured into a life of crime from a very young age, with the average age of a convicted cybercriminal being 17. For those in charge of recruitment, a criminal record will almost certainly ring alarm bells, and rightfully so. While there are risks involved, in general there needs to be a cultural shift in the corporate sector which lifts the stigma of hiring someone with a somewhat tenuous past. Young people need to be able to see that there are lucrative opportunities out there for people with their skills, outside of the criminal world.

Source:

The post Should your business hire a hacker? appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

How Much Should your Company Budget for Cyber Security?

Source: National Cyber Security – Produced By Gregory Evans

How Much Should your Company Budget for Cyber Security?

There are likely to be three main areas of growth in cyber security in the next decade: cyber risk, cyber insurance and Internet of Things (IoT) security.

It is incumbent on boards to protect the company’s assets, and cyber risk must be understood in monetary terms to communicate it to the board in a language easily understood. This will enable the board to implement a coherent, robust cyber security strategy.

The cyber insurance market is embryonic, and businesses need to understand the level of insurance required. To do this it is vital to evaluate cyber risk. It is easy to underestimate, and therefore under insure, the financial impact of a cyber-attack. Insurance companies are increasingly recognising the need to differentiate themselves and price policies on the actual risk of the insured. Measuring cyber risk requires understanding how business assets are impacted by a cyber-attack. Risk metrics determine how much insurance is actually required by a business.

t is anticipated that by 2020 there will be over 50 billion IoT devices. Recent IoT centred DDoS attacks have caused recent outages for many websites including Twitter, Amazon and Tumblr.

Ultimately, organisations must be proactive in relation to cyber security, factoring security into developments up front rather than reacting to incidents. Cyber risk evaluation is key; cyber insurance provides an extra level of protection, although the risk of inadequate coverage is ever present, and IoT security must be considered to avoid serious repercussions.

Source:

The post How Much Should your Company Budget for Cyber Security? appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

5 things marketers should do today to reduce their cybersecurity risk

5 things marketers should do today to reduce their cybersecurity riskSource: National Cyber Security – Produced By Gregory Evans RSA’s chief marketing officer talks about why marketers are now in the business of IT security and how to minimise risk in the face of digital marketing transformation Marketers must … The post 5 things marketers should do today to reduce their cybersecurity risk appeared first […]

The post 5 things marketers should do today to reduce their cybersecurity risk appeared first on AmIHackerProof.com.

View full post on AmIHackerProof.com | Can You Be Hacked?

Why digital security should be part of every business strategy

Source: National Cyber Security – Produced By Gregory Evans

There is no doubt that in the highly digitalised world of 2017, digital security should be part of every business strategy, whether it’s for launching a new app or maintaining a website. We are collecting vast amounts of data – …

The post Why digital security should be part of every business strategy appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

The sexting terms every parent should know

Police in the UK have issued parents with a “sexting dictionary” of code words teenagers use to secretly exchange explicit messages and photos.

Worried officers have figured out that teens have a sinister new language as part of KPC (Keeping Parents Clueless), reports the Daily Mail.

Police fear many families would not what was going on if they found letters such as WYRN or P911 or LMIRL, MOS, TDTM or IWSN on a kid’s phone.

But they really mean What’s Your Real Name, Parent Alert, Let’s Meet in Real Life, Mum Over Shoulder, Talk Dirty to Me, and I Want Sex Now.

Humberside Police compiled a staggering list of 112 codes that children use while exchanging lewd images and messages.

Read More

The post The sexting terms every parent should know appeared first on Parent Security Online.

View full post on Parent Security Online

Questions Every CEO Should Ask About Cyber Security

Source: National Cyber Security – Produced By Gregory Evans

Online presences are ever growing, but one element of online growth that isn’t increasing at the same rate is the knowledge and awareness of cyber-security. It’s vital all business organisations, large and small ask the right questions when initiating the …

The post Questions Every CEO Should Ask About Cyber Security appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

How should parents deal with child bullying?

To Purchase This Product/Services, Go To The Store Link Above Or Go To http://www.become007.com/store/ Parenting challenges you in unexpected ways. Recently, my daughter confessed to me that a boy is bullying her at school for being vegan. This little kindergartener is a constant source of … View full post on Become007.com

Online Dating Software– Things You Should Know

Online Dating Software– Things You Should Know

Cost dating or online dating is an experience that is winding up being amongst the considerable revenue-generating internet service. The principle comes from the impressive top quality of supplying additionally in fact traditional in addition to drawing in technique to … View full post on National Cyber Security Ventures

Why cybersecurity should be important to hospitals

Source: National Cyber Security – Produced By Gregory Evans The rise of digitization in healthcare, heavily fueled in the U.S. in recent years by incentives of the outgoing administration, has brought an unintended and treacherous side-effect: vulnerability to the increasingly rampant hacking of healthcare data. Hackers have found numerous … The post Why cybersecurity should […]

The post Why cybersecurity should be important to hospitals appeared first on AmIHackerProof.com.

View full post on AmIHackerProof.com | Can You Be Hacked?

When Should You Shut Down Your Online Dating Profile?

Source: National Cyber Security – Produced By Gregory Evans

When Should You Shut Down Your Online Dating Profile?

Having a conversation with your new partner about when to close your online dating profile is a delicate issue, indeed. It’s probable that a surprising connection can happen when two people are dating online meet for the very first time. …

The post When Should You Shut Down Your Online Dating Profile? appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures