Ethical hacking for cyber security

K.P. SHASHIDHARAN Updated - August 18, 2011 at 07:02 PM.

Organisations must engage competent security professionals to continuously monitor and manage cyber threats and secure sensitive information assets.

Investment in Business Process Outsourcing (BPO) and Information Technology services is estimated to grow by 16.6 per cent during 2011, to reach Rs 43,600 crore in 2012. Expenditure on software is projected to scale by 19.5 per cent during the period, to reach Rs 18,800 crore. The rate of cyber crimes is also bound to grow exponentially in the coming years.

As most sophisticated cyber criminals prefer targeting banks and government organisations, there is an urgent need to revamp the security system for Internet activities and to put in place effective internal controls. As the hackers' prime objective is to find secure IDs for accessing networks for cyber burglary, authentication procedures should be made secure and foolproof from hacking.

The rapidly increasing use of mobile-banking technologies augments risks and increases vulnerability. When a large number of customers prefer using wireless technology, iPhones, iPads, and Android-enabled smart phones for financial services, the cyber criminal may use the opportunity to phish with an application, and gain access to their secure credentials.

Ethical hackers are in greater demand to counter cyber crimes which are growing at an alarming speed.

Experts specialised in different aspects of cyber policing, ranging from the relatively inexperienced greenhorns to seasoned cyber security greybeards, need to visualise the big picture, anticipate potential attacks on the organisation and mitigate risks from cyber hacking.

An ethical hacker is not a cyber criminal though he knows well the art and science of hacking. He exercises his hacking expertise prudently for ethical concerns and deploys the cyber tools effectively to counter hacking and to identify the loopholes in order to safeguard the system from lethal cyber criminals.

CYBER SECURITY

Ethical hacking must be encouraged for detection and prevention of automated application attacks, because hackers are becoming adept at automating attacks by intensifying computerised attacks at smaller, vulnerable and largely homogenous targets.

For this, IT security professionals should monitor and analyse attack data, extract relevant information, share information for enlarging the knowledge base for identifying attacks and select appropriate mitigation tools.

They must ensure that controls are in place at all times to deter automated attacks. Securing data confidentiality and availability in the cyber realm is becoming an increasingly challenging objective for the government and private sectors. Organisations must engage competent, well-trained, skilled information security professionals to continuously monitor and manage cyber threats and secure sensitive organisational information assets.

(The author is Director General, CAG Office)

Published on August 14, 2011 15:01