All
of these questions and more are very valid points that should be considered
when looking at candidates for a tech position within your company.
But
that raises another question, how many “straight laced” employees are actually
hackers in disguise?
The
guy or girl in the next cubicle could be a serial hacker, working in the dead
of the night stealing secrets, taking down company and government websites, or
even worse. So you never know who you are dealing with these days. When
watching the news, what is the one thing you hear over and over again about
criminals that get caught; “He was just a regular guy. Kind of kept to himself,
but was always friendly and even helped me with…” This image that a criminal,
especially a cyber-criminal, like a hacker is hunkered down in a shack in the
woods Unabomber style may be true for a small percentage of this subculture,
but is unlikely for the masses.
Paranoid
yet?
Let’s
go back to the thesis and one theory; let’s say you are a technology firm, and
you are looking to protect your proprietary project that will be ground
breaking bringing your company to the next level. You are concerned about the
security of your company and protecting the front door, so you deploy a solid
two-factor authentication solution, secure the network with a strong firewall,
and buy the best anti-malware software on the market. But the thought of
someone hacking in and stealing your life’s work is still keeping you up at
night.
So
what do you do?
Hire
a hacker to protect your castle. Crazy? Not so much. Who understands a hacker
better than someone woven from the same wool; they speak the language, and can
see holes within a security system better than most. Sometimes when you are so
close to the trees it is hard to see the forest; there may be vulnerability
right in front of your face that you have missed. That tree that is right in
front of you is blocking you from seeing a backdoor entrance that a hacker can
just walk right in and gain access to the whole company and suck it dry.
Like
mentioned in a previous article, the FBI has been hiring
criminals for years to catch other criminals and fight crime. Heck if they are
doing it successfully, why not follow suit?
Keep
your hacker happy, pay the hacker a very healthy salary, get them the most
high-tech everything that they ask for, and let them do their job. You take
care of them, and they will protect you; they will not bite the hand that
feeds.
There
are even companies, like Neighborhoodhacker.com that offer the services of hiring
an ethical hacker to handle cleaning up after a hacker attack. Hackers are
smart people who have a very select set of skills that can be used for good if
channeled correctly.
Now
the flip side of this question and the true catch 22 of the question. Say you
do hire a hacker, get them set up in your company and they are still hacking on
the side. Like a junkie trying to get clean they just cannot seem to break the
ties and get the monkey off their back. They love the rush of breaking into a
company and bringing them to their knees, a real evil dude.
They
come into your company and protect your castle, but they are breaking into
other castles while at home or even worse… while at work. They get caught, the
FBI raids your company looking for all of the machines they were working on and
confiscates it for evidence. What are you to do? You not only just lost your
defense department, you also lost company hardware, and now have to testify in
court. Wow, that escalated quickly!
Although
the second scenario is less likely it could happen, unlikely but still a
possibility. So would you roll the dice and hire a hacker?
No comments:
Post a Comment