How has the role of ethical hacking changed over 20 years?
An ethical hacker, also referred to as a white hat hacker, is an information security (infosec) expert who penetrates a computer system, network, application or other computing resources on behalf of its owners and with their authorisation. Organisations call on ethical hackers to uncover potential security vulnerabilities that malicious hackers could exploit.
The term hacking first started to appear in the 1960s in connection with activities at MIT, which was the leading university in the then-fledgling computer science area. It referred to applying creative engineering techniques to "hack" machinery and make it operate more efficiently. At the time, hacking was considered to be a compliment for those with exceptional skills in computer programming.
By the 1990s the term 'hacking' had lost its more favourable aspects and was beginning to be associated with malicious and damaging attacks on computer programmes. To combat the growth of computer hacking firms began to employ computer experts who may have been involved in the practice earlier in their careers and therefore knew what to look for in potential cyber-attacks. These pioneers became known as ethical hackers or white hat hackers.
Since then, the commercialisation of hacking skills, known as hacking as a service (HaaS), has made cybersecurity more complex. On the positive side, cybersecurity firms and information technology (IT) security vendors have started to offer optional ethical HaaS via contract to corporate clients. However, an underground market is flourishing on the dark web, including online marketplaces for aspiring hackers, often in the pursuit of illegal activities.
The coronavirus pandemic created new avenues of pursuit for cybercriminals. In "The Hidden Costs of Cybercrime," published in July 2020 by the Centre for Strategic and International Studies and security software company McAfee, monetary losses from cybercrime in 2020 were estimated to top $945 billion. In addition, the report estimated that organisations will spend $145 billion on cybersecurity services and technologies this year.
It is clear that the battle against cybercrime is ongoing, complex and expensive with huge money involved on all sides. With the fallout of the COVID pandemic only starting to reveal itself the stakes will only get higher.