Demand up for ethical hackers who spot and patch up breaches


SINGAPORE - Calling yourself a penetration tester might invite some laughs at dinner parties, but the job of a cyber security expert is anything but funny.

It is serious business.

Just ask American bank JPMorgan Chase. The names and addresses of its clients - more than 76 million households and seven million small businesses - were stolen by hackers this month in one of the worst intrusions ever.

In the fight to stay safe online, penetration testers are the necessary foot soldiers. They are external consultants or in-house workers who try to find loopholes in their employers' computer security systems before others with malicious aims do so.

These ethical hackers - or white hats - then patch up the breaches to ensure they do not happen again.

"There is no perfect code so it is a never-ending fight," said Mr Ali Fazeli, a senior consultant with Singapore-based cyber security firm Infinity Forensics.

While it is hard to estimate the number of these testers in Singapore, demand for their services has grown, given the surge in cyber attacks.

More than 40 million worldwide security incidents were reported to audit giant PwC so far this year, an increase of 48 per cent compared to last year.

Infinity Forensics has handled more than 110 cases so far this year, more than the 80 last year.

Likewise, Mr Albert Teo, 38, a freelance security consultant, said he has been taking on at least four more companies per month this year, compared to last year.

And demand for their services is likely to go up, given that cyber attacks are likely to rise as more gadgets, such as smart watches, come into our lives, say experts.

Ms Edwina Tan, 24, a security consultant with e-Cop, said: "We are becoming more reliant on technology so there will definitely be more loopholes to exploit."

To keep up the defence against hackers, testers hack into computer systems to test their robustness against malicious attacks. "Companies have to try and stay one step ahead of hackers," said Mr Ali.

"We need to submit a report to our clients after we complete our checks, informing them of their vulnerabilities and recommending solutions."

Their fight against hackers has become tougher as hacking kits are increasingly easy to download and use.

Mr Teo said: "Anyone can try these tools on any website - at no cost. The creative ones learn fast and start to figure out how to improve the original script."

The end result is an "ever-changing war ground".


Ms Tan said the tools may have started as a means for people to test the strength of their own systems but have been misused.

For instance, Wireshark - which tracks transmitted data sent over networks - is a tool that hackers called "script kiddies" use to scan for information over, say, unsecured hot spots.

Script kiddies use code developed by others to hack into or deface websites.

A step-by-step guide accompanies the tool's download links and tutorials are available on YouTube.

While more firms are becoming aware of online dangers, more can be done to educate people on cyber security, experts said. "Employees usually fail the first test by opening a suspicious-looking e-mail or plugging in a thumb drive they found on the floor," said Ms Tan.

"It doesn't matter if you are a well-known company or not. No one is 100 per cent safe."


This article was first published on October 20, 2014.
Get a copy of The Straits Times or go to straitstimes.com for more stories.
