• Cyber Security

    REQUEST A QUOTATION

    Most people reading this will be aware of reports in the media of government, corporate and political party computer systems being hacked, the most recent being the SA Reserve Bank which the FBI discovered. Others would have read and heard about Ransomware attacks and the scam where a business sends out an invoice which is intercepted and the banking information has been changed, to name a few.

    What do all these have in common? Well, hackers found vulnerabilities in the victim's computer systems, website and/or WiFi. What we do is use the same techniques and tools used by hackers to identify those vulnerabilities and advise your IT department on how to fix them.

     

     Definition

    Ethical hacking, sometimes also called penetration testing, involves an authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating the strategies and actions of malicious attackers. This practice helps to identify security vulnerabilities which can then be resolved before a malicious attacker has the opportunity to exploit them.

     What is an Ethical Hacker?

    Also known as “white hats,” ethical hackers are security experts that perform these security assessments. The proactive work they do helps to improve an organization’s security posture. With prior approval from the organization or owner of the IT asset, the mission of ethical hacking is the opposite of malicious hacking.

    Hacking experts follow four key protocol concepts:

    1. Stay legal. Obtain proper approval before accessing and performing a security assessment.
    2. Define the scope. Determine the scope of the assessment so that the ethical hacker’s work remains legal and within the organization’s approved boundaries.
    3. Report vulnerabilities. Notify the organization of all vulnerabilities discovered during the assessment. Provide remediation advice for resolving these vulnerabilities.
    4. Respect data sensitivity. Depending on the data sensitivity, ethical hackers may have to agree to a non-disclosure agreement, in addition to other terms and conditions required by the assessed organization. 

    What problems do Ethical Hackers expose?

    While assessing the security of an organization’s IT asset(s), ethical hacking aims to mimic an attacker. In doing so, they look for attack vectors against the target. The initial goal is to perform reconnaissance, gaining as much information as possible.

    Once the ethical hacker gathers enough information, they use it to look for vulnerabilities against the asset. They perform this assessment with a combination of automated and manual testing. Even sophisticated systems may have complex countermeasure technologies which may be vulnerable.

    They don’t stop at uncovering vulnerabilities. Ethical hackers use exploits against the vulnerabilities to prove how a malicious attacker could exploit them.

    Some of the most common vulnerabilities discovered by ethical hackers include:

    After the testing period, ethical hackers prepare a detailed report. This documentation includes steps to compromise the discovered vulnerabilities and steps to patch or mitigate them.

    Impact of vulnerabilities

    • Information disclosure
    • Unauthorized access
    • Identity theft
    • Reputational damage
    • Financial loss
    • Legal consequences
    • Data modification