Today is the second Monday of Reblog Mondays and the third day of 12 days of
For today’s reblog, I’d like to branch out a little into the discussion of ethics in the field of cybersecurity.
To read Luis Pla’s post on the cybersecurity ethics code, you can find it at the link below:
One of the things that struck me the most from my team project in digital forensics for my last course is how much data is digitized, and sometimes uploaded to a network, for each of us, whether or not we consent to it all.
Given that so much of who we are as people is available to the world with protection that, at times, amounts to child’s play, is downright horrifying.
I recently discovered McAfee’s podcast, HACKABLE?.
In the latest episode, Prying Eyes, Geoff Siskind, the host of the show, discusses using secure passwords on devices and asks himself if that’s enough.
He proceeds to send his password-protected laptop off to a hacker to see if he can break in.
Without giving away too much of the ending, the hacker was not only able to hack in very easily, but he also found some very sensitive documents that Geoff had on his device.
The reason I’m telling you this whole story is because the method used in hacking this laptop is actually fairly common knowledge.
So if the goal is to discuss my ideas on whether Ethical Hacking is necessary, my answer is yes. Wholeheartedly.
If the means to hack a password-protected laptop are common knowledge, then what hope does the average non-tech person have again someone with even the most basic of skills?
I believe that ethical hacking is a necessary means to help protect individuals, companies, and governments from those out there with the skills and ill intent.
The problem, of course, is in distinguishing the ethical hackers from the unethical.
We don’t exactly walk around with color-coordinated hats on, do we?
What if you’re an ethical hacker for work but shoulder surf someone on the subway?
Even though I believe that serious precautions should be taken when considering someone as an Ethical Hacker, I am not naïve enough to think that this would be a perfect fix for the situation.
For example, even though someone has a valid certification, it would be an error to assume they’re using the skills ethically, even if there is a code of conduct in place for that certification, such as ISSA’s code of ethics.
A background check would, of course, weed out plenty of those with shoddy backgrounds, though it does nothing if the person has never been caught.
Nevertheless, I believe that stringent background checks are a necessary step in separating out the ethical hackers from the black hats.
As a matter of fact, I would argue that the background checks should occur even before you’re allowed into a cybersecurity school program. After all, that’s where you gain the actual skills, not at a certification exam.
Every extra step can further weed out the unethical individuals.
Since I believe that the background check should occur before registration into a school program, covering the cost would fall to the prospective student.
I’m sure this all sounded very bleak and hopeless, but just like my report the last term was disheartening, Geoff Siskind and his cybersecurity expert on the show, Bruce Snell, said something on Prying Eyes that really stuck with me. They said that passwords on devices are for “keeping the honest, honest.”
Similarly, requiring security clearances, background checks and covering their cost, NDAs, and legally binding contracts will keep the honest, honest, and raise the barrier of entry for the dishonest.
At the end of the day, if someone truly wants to hack a government system, financial institution, or a celebrity’s iCloud, they’ll surely find a way to do it. Just last week, we had another massive hack for customer PII.
However, that doesn’t mean that we have to make it easy for them to succeed.
And that’s why I believe that at the end of the day, Ethical Hacking is not only necessary but absolutely vital.
As professionals in such a sensitive area, it is critical that we always remember our governing code of ethics.
Thank you for publishing this (and especially for including your references), Luis Pla.
If you found this post helpful, please be sure to share it with your peers. Online security benefits us all, and will only become more critical as technology’s presence grows in our community.
Get informed. Stay safe.