“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” ~ Sun Tzu, The Art of War
The oft-referenced quote and subsequent ruminations suggest that to successfully defeat your enemy you must know him. If you understand his tools of battle and his methods of operation, you are able to anticipate his moves and learn how to defend against them successfully. This is the very reason that many enterprises are beginning to pursue battle against cyber crime.
‘White hat hackers’ – those who use their hacking powers for good to identify organizations’ cyber vulnerabilities – are beginning to go ‘dark.’ They are going undercover, melting into dark hacker communities to learn their tricks of the trade, and then share their knowledge to help enterprises fortify their cyber security and prevention forces.
With hackers striking approximately every 39 seconds,2 and 4,000 ransomware attacks hitting organizations every day3, businesses need to build more formidable defenses…by stepping up their offense. Prevention is the absolute best approach to data breaches and reputation damage. Yes, recovery is crucial for damage and loss mitigation after an attack, but the service disruptions, loss of productivity, and data compromised – no matter how minimal – cannot be undone. Nor can the consequences.
And as of 2018, the average cost of a data breach is $3.6 million.4 A recent report discovered that 78 percent of consumers stated they cease engagement with a brand online after a reported data breach. Additionally damaging: 49 percent declared they would “not sign up and use an online service or application that had recently experienced a data breach.”1 For consumers, a well-executed, ‘successful’ recovery doesn’t restore trust. Reputation damage is set in motion the moment the perimeter is breached.
With that reality, businesses are realizing they need a more aggressive preventative approach beyond simple firewalls and antivirus software. They must fight hackers by learning more about them. To fight a dark hacker is to become one. And this is why white hats are going dark. White hackers infiltrate hidden forums and sites to discover what tools dark hats are using, what vulnerabilities they plan to exploit, and to purchase their secrets. They can troll the controlled forums and learn secrets that an organization’s IT team may never suspect.
"There you can often purchase hacked, stolen credentials; access to compromised machines inside specific organizations; and access to dumps -- data from breaches," stated veteran security expert Francisco Donoso.
But it’s not an easy in. Once they’ve run the gauntlet of cautious criminals, built trust, and garnered the required insider recommendations within the outer circles, only then can they be granted access into the restrictive darker inner circles. And their insertion comes with risk of detection and toeing a blurry line of the law. In order to authenticate their dark persona, the white hackers need to purchase tools, offer feedback…behave as any other cyber criminal. Some consider this questionable activity.
“You will never be secure. This is a journey, not a destination. Get used to the idea that security is now part of normal operations.”2
But many feel it’s worth the risk in order to help organizations – and those who put their trust in them – remain resilient and avoid becoming part of a data breach statistic. And the answer lies in knowing what the hackers are doing and using, just as cyber criminals keep watch on the latest security news and trends. Once a new security tool is announced, they are already scheming how to circumvent it. One of an organization’s best chances for cyber resiliency is to fight hackers with hackers.
Written by Angie Longacre
As a writer for Assurance Software, Angie devotes her craft to promoting business continuity and disaster recovery awareness, and trumpeting Assurance Software’s invaluable benefits for both. When she’s not commanding the keyboard, you can find her outside for a run, searching for her next antique treasure, or lost in a good book.