I have a friend who, over the last couple of years, has become an expert in the ethical hacking arena. He is well thought of in the white hat communities and relatedly feared in the black areas. He can put together malware, do a little social engineering and infect a business, in most cases easily, within a couple of hours.
That is what an ethical hacker does. He tests the defences of organisations with the same tools and attack vectors that the cybercriminal uses. In most cases, ethical hackers have a better understanding of the criminal mind than most law enforcement. They also have a better understanding of the technology than 99% of the supposed bad guys of the digital world.
They are legally allowed to say, "If I wanted to steal data from you, this is how I would do it," mainly because they have asked your permission to do it. That is one of the keys to a successful ethical hacker. They ask permission, and get paid, to attack your organisation.
These attacks can be aimed at your main data system, your web site, your ecommerce site or any other technology that is attached to the Internet. That also includes your users and their devices.
Once an ethical hacker has completed his assessment, he will come back with a report to the company on what was attacked, in most cases how they got in and, the most important component, how you can stop a real hacker from attacking your business.
A complete tactical ethical hacker attack can cost a couple of thousand dollars. A compromised business can lose that amount of money in minutes and can continue to lose it for hours, days or even weeks after a real attack.
To me, ethical hacking is a science, but it is something that even the smallest of organisations needs to consider.
Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework. He is a Speaker, Author, Teacher and educator on cybercrime and how to protect yourself from the digital world.