Meet the ‘ethical hackers’ fighting the rising threat of cybercrime | #computerhacking | #hacking

‘Perfect storm’

There has been a proliferation of digital crime since the onslaught of COVID-19.

The Australian Cyber Security Centre’s (ACSC) annual report, released in September, found cyberattacks had increased by 13 per cent over the 12 months to June, equating to one reported attack every eight minutes.

There have been a number of high-profile ransomware attacks, including Toll Group and US oil giant Colonial Pipeline, that have wreaked havoc on essential service providers. The Reserve Bank of Australia this month warned a successful cyberattack against a major bank was “almost inevitable”.

“Criminals go where the money is,” Edelstein says. “You see very few armed robberies in banks anymore. They don’t hold much money in a branch and your chance of getting caught is high.”

Sentaris founder Justin Waite was not always an ‘ethical’ hacker. Credit:Jason South

Sentaris founder Justin Waite was a teenager in the early 1990s when he was a not-so-ethical hacker. An interest in breaking into safes translated to the digital world, where he built virus codes to crack passwords or copy computer games for his friends.

He says hacking is more art than science. By the time you finish a university degree in coding, it’s irrelevant. The industry is fast-changing and the threat is ever-increasing. Waite refuses to hire junior hackers and has plucked who he regards as the best in the business to form his small team of five. “Since then, I’ve had very large organisations on my books including government, large retailers and financials.”

With Cybersecurity now big business, Waite’s concerned about the charlatans entering the industry. Coding is complex and foreign to many executives and he says some firms charge exorbitant fees to print glossy reports that don’t say much. His boutique firm, operating from an office in Melbourne’s north-eastern suburbs, has a policy against selling products after seeing competitors get kickbacks for up-selling unnecessary software.

“I was so bitterly disappointed with what was happening in the market,” he says. “They’ll run a tool, put the cover page on and say you’re fine. A year later they’ll be compromised. I left the banks to start my own company to fill that void in the market.”

Boardroom issue

Edelstein says the larger end of town has been taking cybersecurity seriously for at least five years. “I think all directors would agree cybersecurity is a boardroom issue.”

There are laws that mandate yearly penetration testing for some industries, and well-resourced companies are throwing money at innovative solutions to avoid compromising customer data or suffering a reputation hit. Demand is positioned to continue growing, as the government mulls an overhaul of cybersecurity legislation to force greater reporting obligations on a wider range of companies.

Against this backdrop, the cybersecurity industry is facing a skills shortage.

CyberCX has taken matters into its own hands, launching an internal program to recruit and train staff from scratch. Psychologists and teachers have passed through the program, with no set model for what makes the perfect hacker. “We’re looking for people with that inquisitive mind, that ability to research, that ability to be challenged and not give up along the way until they get the outcome they need,” Edelstein says.

Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

64 − = fifty seven