By Bill Phillips
November 2, 2022
8 min read
Ethical hacking involves the authorized attempt to gain access to computer systems, applications or data by duplicating the strategies and methods that would be used by a malicious hacker. Also known as penetration testing, the practice has been established to test an organization’s cyber security methods and safeguards, as well as identify security vulnerabilities that can be addressed and resolved before a malicious hacker can exploit them.
An ethical hacker is a cyber security professional with in-depth knowledge of computer systems, networks and security. They should be well-versed in the potential threats and vulnerabilities that can be used to hack—or bring down—organizational systems.
Deterring threats from malicious hackers is often a top priority of corporate, e-commerce, banking and financial systems operators who need to ensure customer data—like birthdays, payment information and passwords—is protected. Without this protection, successful cyberattacks can have catastrophic results, including loss of data, fines and other penalties, lost revenue and diminished consumer confidence.
As more aspects of our lives involve online transactions, the internal systems, software and servers required to make it all run smoothly remain vulnerable to cyberattacks. For this reason, institutions, such as those that handle sensitive electronic medical records, have made cyber security measures a vital component of their risk management strategies.
According to a report from the cybersecurity firm Sophos, 66% of healthcare organizations were hit by ransomware attacks last year, demonstrating that adversaries are becoming “considerably more capable at executing the most significant attacks at scale,” and that the complexity of the attacks is growing.
To thwart cyberattacks like these, ethical hackers will perform reconnaissance and gather as much information as possible about an organization’s IT assets. Their next step will be to use techniques like password busting, privilege escalation, malicious software construction or “packet sniffing” to uncover vulnerabilities, weak links in the information system chain or loopholes in network security systems, using the same tactics a malicious hacker would deploy to exploit those vulnerabilities.
Some of the vulnerabilities ethical hackers uncover include:
After testing, ethical hackers will prepare detailed reports that include steps to patch or mitigate the discovered vulnerabilities.
After acquiring the basic skills, ethical hackers may choose to specialize and focus on specific areas.
According to CSO, many ethical hackers become professionals in this field by obtaining formal training or by earning certifications. The EC-Council’s Certified Ethical Hacker (CEH) course can be taken online or in person with an instructor and contains 20 different subject domains, including common hacking subjects and modules on malware, wireless, cloud and mobile platforms.
The Offensive Security Certified Professional (OSCP) course and certification is another option you might consider pursuing.
At DeVry, our Undergraduate Certificate in Cyber Security can help you prepare to pursue a career as a cyber defender, securing sensitive data and protecting organizations against data breaches. The courses in our 100% online certificate program will teach you how to design strategies to protect information, infrastructure and brands against the threat of cyberattacks.
Some courses within our curriculum may also help you prepare to pursue industry-relevant cyber security certifications like:
Penetration testers are typically part of an organization’s risk management team. They look for loopholes and vulnerabilities, and help reduce risk by showing management and IT department leaders areas that are likely to be attacked and the different ways in which a security breach might take place. To do this effectively, they must also take the necessary steps to obtain in-depth knowledge of the organization they wish to “hack” and think like a malicious hacker who would steal confidential data or lock authorized users out of the system until a ransom is paid.
A partial list of an ethical hacker’s job responsibilities may include: