Unleashing the Good: How Ethical Hackers Are Revolutionising Cybersecurity
The recent NetEvents APAC Media Spotlight event offered a refreshing perspective on a much-maligned group: Hackers. Often portrayed in movies as hoodie-clad villainous figures, the reality, as revealed by Casey Ellis, CSO of Bugcrowd, and Sajeeb Lohani, Cybersecurity Director of Bugcrowd, is far more nuanced. Their session delved deep into the motivations and skillsets of these enigmatic individuals, providing a fascinating glimpse into the world of hackers and shattering many misconceptions.
Casey aptly remarked, “Hacking is a set of skills. So, it’s just like every other tool. Whether it’s good or bad is determined by who’s using it and for what purposes.” This statement captures the idea that hacking is neutral: it is neither inherently good nor bad. Rather, its ethical implications depend on the intentions and actions of the individual wielding or hiring those skills.
Sajeeb shared this sentiment: “The question whether someone [a hacker] will turn ethical or unethical, the end factor is their why. What is motivating them or what is it that they want to do?”
Whether a hacker turns toward ethical or unethical practices is shaped by a complex interplay of personal, societal, and environmental factors. Particularly when financial gain emerges as the primary driving force, illicit activities become an attractive prospect. However, according to Sajeeb, pivotal dialogues are happening within the hacker community that raise awareness of alternative pathways. These pathways allow hackers to persist in their activities without violating the law and while remaining ethical in conduct.
One such pathway is ethical hacking, a practice that involves using hacking skills to identify and mitigate security vulnerabilities. Hackers who have embraced ethical hacking practices are commonly referred to as ethical hackers. Casey, however, much prefers the term ‘white hats’ as it denotes individuals who operate with integrity and commitment to ethical behaviours.
To uphold ethical standards and ensure that white hat hackers operate within legal boundaries, Bugcrowd, as a platform, has established a comprehensive set of code-of-conduct guidelines. These guidelines serve as a framework for ethical behaviour and govern the interactions between hackers, clients, and Bugcrowd itself.
The Scepticism Around Professionalising Hackers
In practice, the implementation of a code of conduct, even one as comprehensive as Bugcrowd’s, can sometimes encounter challenges and complexities. Casey noted that navigating the intricacies of ethical hacking and enforcing ethical standards can sometimes become messy in real-world scenarios.
On that point, Casey shared his experience of being invited to participate in a panel discussion focusing on the professionalisation of hackers. The forum aimed to explore the evolving role of hackers within the cybersecurity landscape and discuss ways to promote professionalism.
However, the discussion led to divergent perspectives and opinions within the community. The prevailing sentiment within the cybersecurity community suggests a scepticism towards the efficacy of implementing rigid codes of conduct for hackers. Many professionals in the field argue that hacking, by its very nature, is dynamic and adaptive, making it challenging to enforce static rules and regulations. There is a widespread belief that any set of established guidelines or code of conduct would eventually be circumvented or breached by hackers as they continue to operate in the ever-evolving digital landscape.
In response to this scepticism, Bugcrowd has adopted a different approach—one that recognises the fluidity and complexity of hacking practices while prioritising legality and ethical conduct. Rather than imposing strict rules and regulations, Bugcrowd positions itself as a guiding hand, providing support and guidance to white hat hackers to ensure they operate within legal boundaries while still having the flexibility to perform their tasks effectively.
This approach acknowledges that ethical hacking is not a one-size-fits-all endeavour. Different hacking engagements may present unique challenges and ethical considerations, requiring nuanced approaches and flexible solutions. By serving as a mentor and advocate for ethical behaviour, Bugcrowd empowers white hat hackers to navigate these complexities responsibly while upholding legal and ethical standards.
Traditionally viewed as renegades operating on the fringes of legality, hackers are increasingly being acknowledged as legitimate professionals contributing to the cybersecurity industry.
This acknowledgement reflects the evolving nature of hacking as a discipline. As technology becomes more integral to virtually every aspect of modern life, the demand for cybersecurity expertise has surged. Hackers, with their unique skill sets and deep understanding of digital systems, have emerged as indispensable assets in the ongoing battle against cyber threats.
The Future of Ethical Hacking
Casey Ellis’s assertion at the event rings true: Hacking is rapidly evolving into a respected profession. Ethical hackers, with their unique skill sets and commitment to ethical conduct, stand at the forefront of this transformation.
The growing adoption of bug bounty programs and penetration testing services further validates this shift. Organisations are increasingly recognising the value ethical hackers bring, turning to them to identify and address security vulnerabilities. These collaborations not only bolster cybersecurity defences but also offer hackers a legitimate career path.