
A Hacker You Should Do Business With

Evaluating your company's security vulnerabilities is the first step toward preventing costly data losses that could compromise both information and your company's reputation. A so-called ethical hacker could help.



It’s just a USB drive, casually dropped by an employee entrance, in the cafeteria or next to a cubicle. But what happens to that drive can tell worlds about your company’s IT security.
An employee wanders by, picks up the drive and, out of curiosity, sticks it in the computer at his or her workstation. The drive contains infected code that compromises your system.

Evaluating your company's security vulnerabilities is the first step toward plugging those gaps and preventing costly data losses and security breaches that could compromise both information and your company's reputation. For some small to mid-size businesses, evaluating security is a requirement of doing business with government agencies, credit card companies or health-related companies.


But utilizing an ethical hacker can make sense for your business even if you’re not required to do so. For a few thousand dollars, an ethical hacker can give you a sense of areas you need to shore up.
“A lot of small business owners think, ‘We’re a small company. Why would anyone want to access my environment?’” says Carl Herberger, vice president of information security and compliance for Evolve IP, a managed technology services provider for small and mid-sized businesses. You’re more of a target than you might imagine, asserts Herberger. “It is the small businesses that are frequently entryways to bigger businesses.”
What an ethical hacker does
A robust security check will do more than simply attempt to penetrate your IT system from the outside, advises Tom Kellerman, a commissioner on The Commission on Cybersecurity for the 44th Presidency and vice president of security awareness for ethical hacking firm Core Security. Depending on the level of service for which you contract, an ethical hacker will:
  • Evaluate vulnerabilities in IT infrastructure: An ethical hacker will indeed attempt to access your critical data as a malicious hacker would, running network, web application and client application tests. Frequently, as organizations grow and evolve, “bits and pieces” of data are left exposed and forgotten, says Rudolph Araujo, technical director for Foundstone Professional Services, which performs these sorts of security health checks or ethical hacks. “The other part is increasingly what we’re finding are a lot of these vulnerabilities tend to be at the application level.”
  • Test human behavior: Herberger includes those USB drops in his evaluations. “The biggest challenge is with the threat you know,” he says of employee behavior. Social engineering tests reveal how your employees handle situations that put your critical information at risk. These tests can mirror phishing attacks, asking employees to click on links in emails or to reveal information online. But tests can also evaluate how likely it is that an unauthorized person could gain access to a secure area.
  • Find the leaks: A security evaluation might also determine the types of information that are revealed about your company online, through employees’ social networking sites and other documentation that may pop up.
What you’ll pay
The low end of the range tends to be below $5,000, says Herberger. “We’ve done things in the $2,000 to $5,000 range, but the scope is much smaller.” Araujo says the cost could be as low as a few hundred dollars, depending on what you ask an ethical hacker to do.
A mid-size business might pay $10,000 to $15,000, estimates Herberger.
Even small companies are beginning to budget these sorts of security evaluations on an annual basis. “An annual basis would be the minimal standard,” Araujo advises. “IT environments tend to change so quickly that the results from a year ago are probably going to change.”
What to consider
Don’t simply turn your enterprise over to an ethical hacker without forming a game plan, says Araujo. Make sure you understand the process, ask the right questions and take these factors into consideration:
  • Know what’s critical: Identify the data you’re trying to protect, says Araujo. “What’s the risk your business is exposed to?”
  • Check credentials: You’re placing your system in the hands of an outside entity. Ethical hackers receive certification in penetration testing, and there’s a professional code of ethics that protects your confidentiality. Make sure to vet the ethical hacker you employ.
  • Ask about repeatability: An ethical hacking firm should perform repeatable, scalable exercises that allow you to track whether you’ve made progress, says Kellerman. You’ll also want an actionable report that outlines how you can correct deficiencies.
  • Evaluate business value: Protecting your information is an obvious business benefit. But there may also be value in demonstrating your security to potential business partners. Regular security evaluations also might offer some protection if court cases involving data breaches arise.
“Most organizations right now are hemorrhaging data,” says Kellerman. “It’s fundamentally critical to gain great awareness of where your vulnerabilities are.”
