Last week I was bored and thought I'd pay for some joy and headed to Fiverr.
I threw down $10 and asked a freelancer to write me a piece on penetration testing and the need for skilled people and I was not disappointed with the result.
Without further ado, here it is in all its glory. Enjoy.
Ethical hacking (or penetration testing, but my mind is too dirty to keep calling it that) is the process wherein Cyber Security companies hire programmers to try and hack their own software. It's an essential process that we need to operate and continually improve upon. Hackers cost an average of $485 BILLION every year – from people like you and me! It's high time we started taking Cyber Security and Information Security seriously... or we all just might end up bankrupt!
We live in a digital era where everything and everyone is going paperless, contactless and very nearly valueless, too. Everything we own is being transferred into virtual format, and unfortunately that means that every detail of our lives is subject to the prying eyes of the internet. It is for this very reason that penetration testing exists, and why we need to promote it to our youngsters now and get them to study it. It is estimated that companies will spend 1 trillion dollars on Cyber Security in the next five years... That's more money than people that live in the entire United Kingdom. I can't even imagine one trillion dollars. All of this just so that companies the world over can try to feasibly protect their assets and their clients' information... but is it worth it? Are they pumping money into a black hole? I guess time will tell.
The policing of it all is one of the reasons I speculate. Search 'Cyber Security' online and you will be flooded with a veritable tidal wave of businesses hoping to catch their share of the one trillion dollars. They use flashy slogans and phrases like 'your business will be safe in our hands', but is it really? Which government organisations are policing how well they do this? I remain unconvinced... especially after reading what Hackers themselves have to say about Cyber Security. By the looks of things it really doesn't matter how much you spend on Information protection – a weak password is still a weak password, and if your company has 362 employees and each of them has access to the network you can bet your bottom dollar at least one of them has the password '1234'. There seems to be a light at the end of the tunnel though, with some speculating that AI technology will stop hackers in their tracks.
A hacker's favourite way to steal information (or money) is to gain entry to a network and become an active member there, so that nobody thinks anything is amiss. To your business the hacker might simply appear as a new employee and you might not ever notice that there was anything wrong with their presence. The reason we need penetration testing to begin with is because hackers continually improve their techniques to overcome bigger and better systems... who knows why. When I envision your average hacker I think of a balding, middle-aged guy who got bored of playing MMOs and decided to break something just because he could. For a lot of these types the appeal of hacking is not the monetary reward, but merely the bragging rights. They will continue to do this until we find a way to stop them completely – or until AI can detect when it is being hacked and stop the attack by itself. Arguably though, it would need to have a reasonable level of intelligence before that is possible... and we might already be at war with them by then.
There is a bit of a running joke in the Cyber Security industry at the moment. The hardened programmers maintain that companies are hiring trainees straight out of College because they can pay them less and sometimes get away with branding them as 'interns'. It's a bit of a slap in the face to those who have worked the industry and stayed one or two steps ahead of the hackers for the last ten years. There is a question of experience over technique, and those that are fresh out of College have plenty of knowledge about the newer techniques – but of course you cannot gain wisdom without experience. It is starting to feel like the next few years might be shaky in terms of mass hackings, because if companies don't start seeing the necessity of penetration testing for the vital part that it plays in Cyber Security then they are doomed to ultimately fail. New blood is one thing, and I agree that we need a drive of fresh faces in the Cyber Security industry to keep it up to date – but that doesn't mean we should be pushing out the old blood. We need to learn from them so that we do not repeat any of our own mistakes.
If you are worried about your own Cyber Security and feeling as helpless as I am then you may want to check out this handy blog I found containing some tips on protecting yourself. You never know when your information might get stolen so you should have a read. If you are a business then you have a legal right to protect your customers' details and, as such, you really ought to find yourself one of the many companies who provide Cyber Security specifically. Even if they fail it will mean that the buck no longer stops at you.
Until the days that we deal only in AI we need to start taking Cyber Security and penetration testing seriously. We can't pass it off to the cheapest workers because we will end up falling behind in the eternal global race for better technology. Who knows where we go from here? I don't... but I certainly hope we're not already too late to save ourselves.