
Thinking Like a Hacker (Ethically)—the Why and How

July 8, 2021

Background

In May 2017, 230 thousand computers were infected by a ransomware cryptoworm, called WannaCry—leading to roughly $100 million in damages, according to Infosecurity Magazine. The first of these attacks was recorded in Europe at 3:24 am EDT, as reported by Norton Rose Fulbright. And they spread like wildfire, globally.

This is a lesser-known and extreme example of what malicious actors can do, but it’s not one to overlook.

“If it were measured as a country, then cybercrime—which is predicted to inflict damages totaling $6 trillion USD globally in 2021—would be the world’s third-largest economy after the U.S. and China,” notes Cybersecurity Ventures. And that figure is expected to rise above $10 trillion by 2025.

There are plenty of these cautionary tales, whether it’s the WannaCry attacks, the SolarWinds incident, or the Colonial Pipeline catastrophe. In regard to the last of these, the United States Department of Justice (DOJ) issued a press release on June 7, 2021 (nearly a month after the attack) stating it had finally struck back, seizing 63.7 bitcoins from the cybergang DarkSide.

Speaking with The New York Times on the matter, Ulf Lindqvist, Ph.D.—a director at SRI International who specializes in threats to industrial systems—said, “We’ve seen ransomware start hitting soft targets like hospitals and municipalities, where losing access has real-world consequences and makes victims more likely to pay . . . We are talking about the risk of injury or death, not just losing your email.”

So, while the DOJ, the FBI, and other agencies are putting dollars toward investigating such devastating attacks, cybercriminals are still becoming increasingly sophisticated, more creative, and far more effective.

How can businesses build up their defenses and do their best to protect themselves from costly attacks—the worst of which hit the news cycle, bringing negative publicity to boot?

Donning your white hat

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” —Sun Tzu, The Art of War

The term “hacker” carries a negative connotation, but hacking denotes the act of using technical knowledge to discover an unconventional solution to a problem within a computerized system. In fact, “law enforcement agencies across the globe are adopting hacking techniques to track down criminals,” as a paper by the Boston University School of Law states.

So, while cybercriminals (black hat hackers) are creating new techniques to break the law, steal your data, and do harm, ethical experts (white hat hackers) are working to remain ahead of the next hack by understanding systems, identifying vulnerabilities, and mitigating risk. With the company’s agreement, they legally hack it—typically by performing a penetration test, or a pen test—before planning the next steps.

Now is always the best time to fortify your defenses—because you can’t afford the damage that the next cybergang to target your enterprise can potentially cause. And that’s why you should consider hiring an ethical hacker. Where can you find one? 

BizTech offers an insightful article to walk you through all the considerations for hiring the right contractor for your organization’s specific needs. You can also find a listing of managed service providers, offered by Gartner, and a more comprehensive listing by the technology collective, Read Dive.

Given that this line of work is highly sensitive in nature, it’s important to work with a company—or a freelancer—that you can trust. It may be worth asking around for recommendations within your IT department as well. Once you find the right white hat expert, you’ll be well on your way to thinking like a hacker and gaining the assurance of an optimized security strategy.