Page 7 - EngineerIt July 2021
P. 7

ICT



        will not cause actual harm; it is the difference between showing a CFO you had access to
        transfer funds and actually transferring the funds.
           The second benefit is that it can orient the defences of an organisation towards
        attackers and their specific approach to your organisation. Too often the confusing world
        of cyber security causes organisations to rely on checklists or vendors of security software
        and tools, instead of understanding which defences would raise the cost for an attacker
        to pursue an organisation the most. By examining the actual ways in which attackers are
        successful against your organisation, you can align your IT security plan.
           The third benefit is that contrary to the hacking portrayed in movies, often the art of
        hacking is finding the one place where someone messed up. The implication of this is
        that a large part of hacking is time spent finding and exploring IT systems that belong to
        an organisation. Hackers will find that old marketing site your team forgot about, and if it
        shares any passwords with your current systems, they will let you know.
           Finally, as the defences of your organisation mature, watching the attack unfold by
        working with the ethical hacking team can provide exceptionally useful training and
        learning opportunities for a team to enhance its detection and response activities. In fact,
        this has become so popular it even has a name - purple teaming. This is a reference   Dominic White
        to the defensive team (aka the blue team) and the offensive team (aka the red team)
        working together.
           Ethical hacking, like the rest of the cyber security industry, is a fast-growing industry. In   Conclusion
        the past practitioners were self-taught, however these days there are many learning paths   I hope this has given you a better idea
        -  from university and professional courses to online dojos -  in which to practise, and plenty   of what ethical hacking is, and why your
        of communities. South Africa has been blessed with an active cyber security industry for   organisation would use such a service, or
        many years. Our own company, founded in a bedroom in Centurion, turned 21 this year.  even made you interested in a career in
           If you would like to find out more, in South Africa, Hack South is a popular community   the field. If you would like to talk more, my
        for beginners and veterans alike. You can find it at https://hacksouth.africa . If you have   e-mail address is dominic@sensepost.
        a passion for pulling apart technology to figure out how it works or modify its behaviour in   com or @singe on the Hack South chat
        your favour, this might be a field for you.                               server and Twitter.           n



















































                                                    EngineerIT | July 2021 | 5
   2   3   4   5   6   7   8   9   10   11   12