Cyberattacks are costing companies an average of $200,000, according to a 2019 study by Hiscox. The abundance of malware attacks, data breaches, and other cyber threats happening to businesses of all sizes means that everyone needs to take precautions to guard against them. While large corporations often take a financial hit, for a small business, a cyberattack can mean having to close your doors for good.
Because the stakes are so high, having skilled technologists, even custom software development teams, is not enough, and many businesses are turning to ethical hackers. Colloquially known as “white hats”, these are individuals or companies who can identify vulnerabilities in your systems. This allows you to address them before a criminal hacker is able to take advantage of these weaknesses.
It sounds great, but given how new the legitimate profession is and the fact that a large number of ethical hackers have criminal hacking backgrounds, it can be difficult to pinpoint the right person for the job. That’s why we’ve outlined 6 key steps for finding the white hat for you.
1. Identify your needs
Before you go about looking for an ethical hacker, you need to figure out why you’re hiring one in the first place. Of course, you want to ensure your business’s security—that’s a given. But what specific ground do you want to cover? For example, if you’re in an industry that works with a great deal of sensitive data, such as finance, government, or healthcare, you’ll probably want an ethical hacker to help you guard against a data breach.
It’s a good idea to come up with a few main bullet points about the kind of protection you need and your main intent for hiring an expert to assist you.
2. Look for certifications
Ethical hacking isn’t governed by any licensing authority, but there are some certifications a professional can earn. The International Council of Electronic Commerce Consultants (EC-Council) offers certification programs such as “Certified Network Defender” and “Licensed Penetration Tester” and is generally well-regarded as an authority on the subject.
While having the credential on a resume doesn’t guarantee quality, it does signify that the candidate has gone through a rigorous program and met EC-Council’s high standards.
3. Consider different models
You probably don’t need a full-time employee for your ethical hacking purposes, but you do need an expert. You might see if you have anyone on your IT or software development staff with the appropriate skills, although it’s important to remember that hacking requires some specific qualifications. If you have someone who could be a good fit, you might offer to fund their certification.
Otherwise, consider hiring a consultant or freelancer or partnering with an outside organization. The model you choose will depend on your needs, including how often you’ll need the professional to review your systems.
4. Get creative
Hacking competitions have become a phenomenon. For example, the European Cyber Security Challenge pits “top cyber talents” from several different countries against one another to solve web security, mobile security, forensics, crypto puzzles, and other challenges.
You can work with organizations hosting contests like this to find talent for your organization. Another approach is to set up a challenge of your own. Your technology team can devise games and tasks for contestants to complete, allowing you to identify hackers who have the skills that align with your organization’s needs.
5. Look online
Just like with other types of consultants and freelancers, you can often find ethical hackers on job-search sites like Monster, Freelancer.com, and Indeed. There are also sites dedicated to helping you find white hats, including Hackers List and Neighborhood Hacker. These marketplaces boast that they only include hackers who conduct their profession legally and ethically. Some only list certified hackers.
6. Vet the candidates
Because of the nature of the job, once you’ve found your specialist, you should carefully vet them. This should involve interviewing them and checking references and past work, as well as conducting a background check.
Ask them about the methodology and tools they use to perform their work. You may want to involve an IT department member in the interview, too. Many ethical hackers were once criminal hackers, so it’s important to investigate candidates rigorously. Your security is on the line, after all.
Hiring an ethical hacker is an important step in your cybersecurity plan. While it may seem counterintuitive, these white hats can add a vital layer of protection to your organization and help you guard against potentially dangerous threats.