Inside the Mysterious World of Ethical Hacking

In a world where harboring your most sensitive data on the internet is a convenient risk that everyone seems willing to take, the ramifications could actually be much more alarming than a stolen credit card number -- cyber attacks could dismantle society.

According to this year’s Worldwide Threat Assesment, written by Daniel R. Coats, the Director of U.S. National Intelligence, cyber attacks are the top danger to society, posing more of a global threat than mass destruction and terrorism.

“The potential for surprise in the cyber realm will increase in the next year and beyond as billions more digital devices are connected -- with relatively little built-in security -- and both nation states and malign actors become more emboldened and better equipped in the use of increasingly widespread cyber toolkits.” Coats writes in his report.

As individuals and companies rely more heavily on internet-connected devices that have notoriously weak security, and cybercriminals continue to develop more sophisticated methods of attack, like fileless malware, which caused Equifax's infamous data breach last year, cyber attacks are becoming more prevalent and dangerous than ever before -- especially in the business world.

In 2017, the Identity Theft Resource Center reported a record-high 1,579 data breaches -- 44.7% more incidents than the previous record high recorded just one year before. Ponemon Institute, a research center dedicated to privacy, data protection, and information security policy, also reported that a single ransomware attack inflicted on a company that doesn’t even pay the ransom payment will cost them $5 million in lost productivity, due to the disruption of the company’s networks and computers.

With malicious viruses costing companies huge sums of money and skyrocketing growth in data breaches every year, it might seem like cybercrime laws are too flimsy to deter hackers. But in some states, certain cybercrimes are considered Class C felonies, which is equal to kidnapping and arson.

Unfortunately, cyber investigators are spread so thin that they only have time to work on cases that receive a lot of media attention, affect government officials or celebrities, or lead to a loss of $200,000 or more. As a result, breaking a serious law doesn't make cybercriminals flinch even one bit. So how are companies securing themselves if order can’t?

Protecting a company’s cybersecurity requires the same skills as exploiting it. And to quickly find their own vulnerabilities and patch them up, businesses pay people to hack into their computer systems. It’s something called ethical hacking.

Most companies connect with freelance white-hat hackers through platforms like HackerOne and BugCrowd and offer them monetary rewards, called bug bounties, in exchange for information about their previously unknown vulnerability. Bug bounties can range anywhere from hundreds of dollars to tens of thousands. In fact, Google will pay you up to $23,000 if you find a certain type of bug in their computer systems.

A budding industry, the technology, government, telecommunications, automotive, and healthcare sectors all saw increases in bug bounty programs this year. HackerOne has also helped white-hat hackers earn over 31 million dollars in bug bounties since their inception in 2012, and computer science students at universities like Cal Berkeley use the platform to earn points toward their final grades in their security classes.

The growth of ethical hacking is promising for the cybersecurity industry. It’s incentivizing the rare few who can hack into complex computer systems to use their technical chops for good. And hopefully, it’ll spark enough opportunity to help the light side of hacking shine brightly over the dark.