With the Black Hat conference wrapping up this week, we thought we should examine the different roles of a Certified Ethical Hacker. First off, what is a Certified Ethical Hacker? A Certified Ethical Hacker displays a certain level of competency for testing vulnerabilities in computers and softwares. One can become a Certified Ethical Hacker by taking the CEH qualification test. By taking this test, recipients of the certification will gain knowledge of the specific tools that you will need such as NMAP or WireShark and how to use these tools. Once this certification is obtained you are considered a white-hat hacker.
There are 3 types of hackers: White, Gray and Black Hat Hacker
White Hat Hacker
A white-hat hacker would be considered the ‘ethical’ hacker. They are hired through a company to test the security of their business. The company will often instruct the white-hat hacker to attempt to hack into their systems in order to see if their systems are exploitable. The white-hat hacker will do everything that a black hat hacker would do to attempt a breach. Now, instead of stealing the information that was obtained through the hack attack, the white-hat hacker will disclose this information to the companies developer which would allow them to patch the vulnerability.
Black Hat Hacker
Black-hat hackers violate many laws and regulations without caring. These are the types of hackers that violate security for their own gains. These hackers will steal credit card information, social security numbers and other personal or sensitive data that they can get their hands on and exploit for their own use. These hackers can also use malicious viruses against organizations that can crash their whole enterprise. Black-hat hackers are the hackers that the media likes to portray a lot since they are the ‘evil’ ones.
Gray Hat Hacker
A gray-hat hacker is neither a white-hat nor a black-hat hacker. They won’t attack systems for their own gain but they will commit crimes unethically to prove a point. A gray-hat hacker may exploit a vulnerability and instead of reporting it to the developer or company, they will expose the vulnerability publicly.
If you would like to have a Certified Ethical Hacker test the vulnerability of your organization or business, please contact a GraVoc representative.
Related articles
Change Healthcare Attack: Ransomware Protection Measures for Healthcare Organizations
In light of the Change Healthcare attack, we explore why hackers target healthcare and how healthcare can defend against ransomware.
GraVoc Recognized on CRN MSP 500 List for Second Year in a Row
For the second year in a row, GraVoc has been recognized on the CRN® MSP 500 list in the Pioneer 250 category!
PCI SAQ Types: Which SAQ is Right for Your Business?
In this blog post, we provide an overview of the SAQ types for PCI DSS v4.0 and how to select a PCI SAQ that’s right for your business.