Saturday, May 13, 2023

How Do You Cyber Defend Your Business With Rising Inflation? Hire The Ethical Hacker

 


Well, there is no doubt that we could be heading for a recession; when it will happen, nobody really knows yet.  But it is true that American folks are feeling the costs of higher prices, whether it comes to their credit cards, mortgages, or even the price at the pump (here in Chicago, it is notoriously high).

Now there is another huge storm brewing in the economic headwinds here, and that is the fear that the US could default on its own debt unless a deal is reached in Congress.

Everybody is hopeful about this, as nobody, not even the politicians, wants this to happen.  But in downturns like this, all businesses feel the impact.  And it is true for Cyber as well.  For most SMBs, it has really never been a top priority, and it falls even further down the ladder now.

Although Cyber should still be a priority for every individual and every organization, this common way of thinking still persists:  “Why should I invest in a security program if I have never been hacked yet?”

Many Cyber vendors are also feeling the pinch of the slowdown, and because of that, many of them are now offering price points that are attractive to SMB owners.  Their hope is that as they potentially lose bigger clients, they can make up the revenue gap with the SMB market.

Although VC spending still continues to go into Cyber startups, the momentum which it had is also slowing down.

So, this all feeds a vicious cycle:  With no new innovations coming out, and nobody really spending any more money on Cyber, the hackers now have the upper hand.  But there is a way around this.  Although it may sound corny and even ridiculous, the answer lies in possibly hiring an Ethical Hacker to help you shore up your defenses.

What is an Ethical Hacker, you may be asking?  Well, this is an individual (or perhaps even a company) who was once on the dark side of Cyber but has now turned for the good.  Their main objective now is not to harm people, but to help them.  These kinds of individuals are great to hire when it comes to Penetration Testing and Threat Hunting.

The ultimate goal when conducting these exercises is to take the mindset of an actual, real-life Cyberattacker, and try to take down the walls of defense of a business that needs to have these kinds of services.

So, rather than trying to train people to do this, why not hire an Ethical Hacker to do this?  After all, they have done this before, so for lack of a better term, they literally know all of the ins and outs of how to hack, because they have done it before.

Also, Ethical Hackers can be used for Bug Bounty programs.  This is where a tech company (such as Oracle or Google) comes out with a new product or service, but they want to make sure that all of the bugs have been worked out. 

So to do this, they typically announce a program that lets people, especially the Ethical Hackers, try to break those systems.

In turn, they also have to come up with a viable solution, and prepare a rather exhaustive report as to what they found, and how they would remediate the weaknesses or the gaps that they have found.  They then submit this report, and if the tech company that announced the Bug Bounty program likes what they see in this report, the Ethical Hacker is then awarded a very nice cash prize, somewhere in the 5 digits.  This could also be a new revenue stream for a Cyber startup.

Also, given the current threat landscape, hiring an Ethical Hacker or even a team of them makes sense.  Consider these stats:

*In 2022, the total number of Cyberattacks increased by a staggering 87%;

*The total number of Cyberattacks against government institutions went up by an alarming 95%;

*The average cost of just one Cyberattack reached a jaw dropping $4.35 million.

The sources for these stats came from here:

https://www.bloomberg.com/news/articles/2023-02-14/ransomware-attacks-on-industrial-firms-increased-by-87-in-2022?leadSource=uverify%20wall

https://cloudsek.com/whitepapers-reports/unprecedented-increase-in-cyber-attacks-targeting-government-entities-in-2022

https://blog.checkpoint.com/2023/01/05/38-increase-in-2022-global-cyberattacks/

Also, by taking on an Ethical Hacker, you, the SMB owner, are helping to narrow the ever-widening Cyber worker shortage.  Remember, you do not have to hire one of these guys on a full-time basis unless you feel inclined to do so. You can always hire them as needed on a contract basis, which will save you quite a bit of money.

My Thoughts On This:

In today’s times, the overall IT Security team is just burned out from trying to keep up with what they have.  A great alternative to automation is to hire an Ethical Hacker.  Why train someone to think like a Cyberattacker?  Just hire somebody who has already been one!!! Yes, I know, there could possibly be a lot of fear for an SMB owner to take on a person like this.

In other words, hiring Ethical Hackers can be a great staff augmentation solution as well.

But keep in mind that you bear the same kinds of risks when you hire any other kind of employee.  Finally, as it has been so nicely put in this quote:

“Economic turbulence means less investment in cybersecurity and a surge in cybercrime. Put simply, it's a recipe for disaster.”

(SOURCE:  https://www.darkreading.com/attacks-breaches/why-economic-downturns-put-innovation-at-risk-and-threaten-cyber-safety-)

So to use the old proverb:  “Why not fight fire with fire?”
