Thinking Like the Bad Guys: What Ethical Hackers Do
When Sun Tzu, the ancient Chinese military strategist, wrote his fifth-century masterpiece, The Art of War, he clearly wasn’t thinking about a battle waged across the internet. However, in the global fight against cybercriminals in the 21st century, his words are as relevant today as they were to the battles being fought back then.
When Sun Tzu wrote, “If you know the enemy and know yourself, you need not fear the result of a hundred battles,” he could have been writing an instruction manual for a new breed of warrior employed in today’s cybersecurity industry — the ethical hacker. Knowing your enemy and matching their capabilities is at the very core of what ethical hackers do to protect commercial and government computer networks and systems from attack. In short, these pros need to think like the bad guys.
Cybercrime: A $600 Billion Problem
The importance of the defensive role played by the ethical hacker is put into perspective when you consider the cost of cybercrime to the global economy. According to research by computer security firm McAfee, cybercrime costs the global economy $600 billion annually. This translates to 0.8 percent of global GDP.
McAfee highlights increasing levels of sophistication in cybercrime, with hackers adopting new technologies to attack often “stagnant” cybersecurity systems. When it comes to cybersecurity, there is no room for complacency because this isn’t a battle fought on a level field. Criminal hackers only need to be successful once to wreak havoc across vast networks. The cybersecurity experts defending those networks have to be successful pretty much all the time.
With the bad guys continually pushing the boundaries of technology and criminality, the best approach for ethical hackers to combat this pandemic is to try to beat these criminals at their own game.
The Best at Being Bad
According to Alan Watkins, core adjunct professor in National University’s cybersecurity degree programs, thinking like the bad guys means developing an understanding of what motivates cybercriminals, being aware of how they operate, and having a good working knowledge of the tools they use to attack computer networks and systems.
“We teach our students how to hack systems,” says Watkins. “They are taught how to use the tools so that they can bypass either security or detection methods.”
While these students are hacking for a “good” reason, the very serious implications of what they learn and how they apply this knowledge are not lost on anyone at National — students or teachers. Any cyber-related career requires a strong commitment to doing the right thing. “Ethical hackers are hackers — but with integrity. This creates some interesting ethical questions for everyone involved in National University’s on-site or online cybersecurity degree,” says Watkins. “It really is up to the individual to remain ethical, and we instill that throughout the program.”
To maintain pace with cybercriminal gangs, ethical hackers are always playing catch-up in what is a very fluid and ever-changing landscape. Simply put, the good guys must learn how to fight fire with fire — and the skills they learn are in great demand in the workplace.
Fighting Crime Pays
The number of open positions in cybersecurity roles across the nation currently outpaces the available workforce. As connected technologies become more prevalent in industry, commerce, government, and the home, demand for qualified cybersecurity professionals will continue to soar, as will wages.
According to the Bureau of Labor Statistics, California boasts the second-highest employment level of cybersecurity experts in the United States, with an annual median wage of $108,090 — that’s almost double the national average salary in the US.
If the prospects of high wages in a secure and growing industry aren’t enough of an incentive to join the fight on the good side of the law, it’s worth remembering that crime doesn’t pay in the long run. While the ethereal nature of cybercrime suggests that criminal hackers operate with little hindrance, this list of cybercriminals sentenced to lengthy jail time and hefty fines tells a different story.
Where Do Ethical Hackers Work?
Ethical hackers are employed by a wide variety of organizations, all of whom value and are legally obliged to maintain the integrity of their data, digital infrastructure, and security. You will find ethical hackers in software companies, financial organizations, government agencies, manufacturers, retailers, utility companies, security consulting companies — in fact, in any business or organization that stands to lose significant public trust and financial security should a cyber breach occur.
The cyberindustry also employs thousands of freelance ethical hackers who are often incentivized by bounties to locate and report vulnerabilities in organizations’ systems — before the bad guys find them.
Google has reportedly paid more than $15 million in bounties to ethical hackers since launching its bug bounty program in 2010. $3.4 million of this figure has been paid to more than 300 “bounty hunters” in the past year alone, with approximately half of this money being paid out for vulnerabilities in Android and Chrome.
Google isn’t alone in encouraging hackers to take the ethical route and disclose security vulnerabilities rather than using them maliciously or selling the information to criminal organizations. This list of organizations offering bounty programs reads like an A-to-Z of internet and technology companies.
Learn How to Become an Ethical Hacker
Ethical hacking offers a rewarding career opportunity to systems-oriented pros who have high personal integrity, can think outside the box, and discover network and system vulnerabilities before the criminal gangs do. To learn how National University’s online bachelor’s degree program in cybersecurity can help you launch your career in fighting the growing threat of cybercrime, please visit our program page.