Hackers For Hire
It has been a common practice for companies to hire “White Hat” hackers to test their network security, but some experts are questioning the wisdom of such an approach, especially as new, stronger, and more potentially damaging cybersecurity threats emerge and government regulations about data security and customer privacy increase.
Former regional partner for Deloitte & Touche Security Services Group Thomas Patterson compares hiring one-time hackers to putting a fox in a henhouse, and advocates several fundamental rules for cutting risks.
“We believe we can achieve the same level of success without sacrificing the trust of our own clients,” notes Patterson. “We may go to the hacking conferences and stay up on what’s the latest in the hacking community, but it’s a fine line. We hire the good guys.”
Invisus co-founder James Harrison draws a very fine boundary between White Hat and Black Hat hackers, and argues that software security products and certified computer experts offer far more safety, since they engender reliability and trust.
On the other hand, security consultant Gary Morse claims there are big differences between good and bad hackers: White Hat hackers, he insists, are veteran programmers with no criminal histories, and they devote more time to writing lengthy documentation on a company’s security flaws than actually penetrating networks. He also downplays the threat of email worms and viruses, arguing that hacker threats are far more dangerous.
Abstracted by the National Law Enforcement and Corrections Technology Center(NLECTC) from TechNewsWorld (02/13/04); Germain, Jack M.