The words “a hacker has infiltrated our systems” sound like a disastrous scenario for any firm – but what if the hacker were welcome? Invited, even? While many firms have invested in cybersecurity technology and training, the true strengths and weaknesses of a company’s defenses will only be revealed when those defenses are put to the test.
Enter ethical hacking. To be clear, ethical hackers (sometimes referred to as “white hats”) are not criminals hired to access your secure environment. They are experienced professionals with deep knowledge of how to penetrate systems, analyze their shortcomings and deliver clear recommendations to improve vulnerability management plans.
Ethical hackers are trained to think like unethical (or “black hat”) hackers. It’s an in-demand role; the International Council of E-Commerce Consultants created the Certified Ethical Hacker (CEH) program and some UK universities also offer degrees in ethical hacking. Ethical hackers are not required to be certified, but it’s highly recommended they come from a trusted cybersecurity firm.
How does it work in practice?
At Drawbridge, we include three major components: social engineering, simulated cyber-attacks and risk-based penetration tests. Employees are often simultaneously a firm’s strongest defense and its weakest link, so testing employee training gaps is a crucial step. Drawbridge has extensive experience in the alternative investment industry, and our social engineering techniques are tailored to your hedge fund or private equity firm. Simulated cyber-attacks test your defenses and identify security vulnerabilities hackers might exploit. The goal is to move toward running risk-based penetration tests rather than all-encompassing, point-in-time tests, combined with ongoing vulnerability management that gives the team the opportunity to run more valuable and tailored tests.
The decision to undergo an ethical hacking exercise depends on each firm’s cybersecurity needs, risk posture and internal processes and infrastructure. Ideal candidates are firms that have made new additions to the network and infrastructure, recently updated policies, made upgrades or changes to the firm’s systems and applications, or recently opened new office locations and onboarded new employees.
To find out if ethical hacking and penetration testing are right for you, reach out to our Drawbridge experts. A tailored, personalized service is central to the way we work, and we’ll offer our recommendations taking your firm’s cybersecurity maturity and vulnerability management needs into account.