Global cybercrime losses are estimated at $ 6 trillion this year and $ 10.5 trillion by 2025. To address this, business owners are making efforts to step up their cybersecurity measures to prevent data breaches that could put their investments and reputations at risk. One of these measures is the hiring of white hat hackers (WHHs), experienced bug hunters who find weak points in IT systems and networks and offer solutions. These ethical hackers are being asked fast, with the market value for their services projected to hit $ 4.1 billion by 2027.
Allan Jay Dumanhug, Chief Information and Security Officer of Secuna, the largest cybersecurity testing platform in the Philippines that finds the IT vulnerabilities of an organization that cybercriminals exploit, explains the difference between the WHHs and their malicious counterparts, the Black Hat Hackers ( BHHs): “WHHs are all ethical, moral and cybersecurity experts who make an honest living. They enjoy the intellectual challenge of creatively pushing and bypassing boundaries to keep the Filipino business community safe, ”said Dumanhug. “They are very familiar with the tactics of BHHs attacking companies to steal data, compromise systems, and cause other types of cyber damage. WHHs use this knowledge and their expertise to counter the attack of the BHHs and to assess the strength of the organization to withstand it. ”
The Institute for Information and Communication Technology has certified Secuna as a recognized cybersecurity assessment service provider. Secuna connects companies and brands with verified and trustworthy international cybersecurity experts who simulate cyber attacks and find security holes that BHHs can exploit to gain access to IT systems.
ctulu, Secuna’s # 1 WHH, explains the risks Filipino companies face: “Most companies in the Philippines do not have a security disclosure policy or a program that allows their researchers to report potential security vulnerabilities to them. Some of the high profile violations in the country could have been avoided if there had been a program for researchers to report their results. This underscores the importance of white hat hacking in the country. ”
Chris Laconsay, another WHH registered with Secuna, says, “Cybercrime and cyber-related crime are now increasing. To combat this scourge of cyberattacks, hiring WHHs enables companies to find vulnerabilities in their cybersecurity before those vulnerabilities are found and exploited by someone with criminal intent. “
ctulu, who checked and tested the COVID-19-related systems of the Philippine Red Cross on the Secuna platform, dispels the stereotypically negative view of WHHs: “Not all hackers are bad. Many of the WHHs are security professionals who are hired by companies to find and exploit vulnerabilities before the BHHs find and exploit them. ”
In order to shine in his profession, “a top WHH should have these two qualities: infinite curiosity and patience,” says ctulu. “To arouse your curiosity to hack and destroy things, you need a lot of patience, as it is not easy to find faults.”
“White hat hacking requires a high level of problem-solving skills and creativity. As I’ve observed, currently famous WHHs tend to be very good at it, ”says Laconsay. “Learning new things motivates me enormously. The willingness to learn a new trick or trade kept me going. “
A bachelor’s degree in information security and / or computer science provides a solid foundation for any WHH. A preparation for the career path at WHH is also training courses that lead to a certification sought by recruiters, such as the Offensive Security Certified Professional (OSCP) program. After hiring, the WHHs can build up in the organization with positions such as penetration tester, red team, application security engineer and security researcher, among others. The salary of a Filipino WHH ranges from PHP 18,200 to PHP 63,000.
ctulu adds: “Knowledge of Python, C ++ or Structured Query Language (SQL) is an advantage.” At the same time, he points out that WHHs can come from different backgrounds that, like their tasks, set new standards. He says, “Some of the WHHs I know are nurses, business people, or taxi drivers. As long as the hacker follows the rules, runs tests, writes the reports correctly, and has a good attitude, there won’t be any problems. “
Laconsay adds, “Although anyone can become a WHH without any programming knowledge, you have to have at least one programming language to be good at the craft.”
Unfortunately, the negative public perception of the word “hacking” has been linked to the criminal activities of BHHs and companies are reluctant to hire WHHs. It has also prevented WHHs from volunteering or opting out to help businesses as soon as or before a violation occurs. ctulu says, “Helpful hackers who see a potential threat usually say nothing because they fear it could end up jailing them. However, it is critical to report these bugs. Otherwise, malicious hackers or the BBHs have the means and the opportunity to hide and emerge from the shadows. “
SIGN UP FOR THE DAILY NEWSLETTER
CLICK HERE TO SIGN UP