Looking up from his keyboard, the hacker grins. He’s found a way into a company’s network. A few clicks and he’s easily accessed management’s passwords and sensitive client data. He could wipe it out, or sell it to the highest bidder, no sweat. Luckily for growing numbers of Canadian businesses, the hacker instead immediately reports his findings to the firm’s CEO — who had shrewdly hired him to break in.
Enlisting the help of an “ethical” hacker — a principled IT security expert who will explore your system and search for weaknesses — can help protect your company from the growing threat of cybercrime. “The rates of hacker activity and worms, both of which get in through vulnerabilities in a company’s system, have been going up every year,” says Richard Reiner, chief technology officer of Assurent Secure Technologies, an information security consultancy in Toronto. Moreover, 85% of hacking is “done by picking IP addresses at random and seeing what’s there,” says Reiner — meaning firms of all sizes are potential victims. Once hackers get in, they can wreak havoc: infecting your system with software that secretly collects information, disabling your network and even stealing — or erasing — mission-critical data. Without the financial resources it takes to recover, “most small businesses that incur a significant data loss go out of business,” says Geoff Kereluik, vice-president of small and medium business for Hewlett-Packard Canada.
These mounting security concerns are reflected in the proliferation of entrepreneurial companies hiring ethical hackers to conduct “vulnerability assessments” or “penetration testing.” “Recently, every sort of technology and consulting firm has started to offer security testing,” says Reiner. “There is such great demand.”
IT pros recommend conducting annual assessments, as criminals are continuously developing new hacking methods and any changes you make to your system can create new chinks in your online armour. Expect to shell out $8,000 and up for a basic hack plus any needed patches, depending on the size and complexity of your IT system. “If you don’t spend it now,” says Joe Greene, vice-president of IT security research at IDC Canada, an IT research firm and consultancy in Ottawa, “you’re going to be spending it recovering from some sort of exploit or hack or virus.”
© 2006 Jennifer Rivkin