With the Black Hat conference wrapping up this week, we thought we should examine the different roles of a Certified Ethical Hacker. First off, what is a Certified Ethical Hacker? A Certified Ethical Hacker displays a certain level of competency for testing vulnerabilities in computers and softwares. One can become a Certified Ethical Hacker by taking the CEH qualification test. By taking this test, recipients of the certification will gain knowledge of the specific tools that you will need such as NMAP or WireShark and how to use these tools. Once this certification is obtained you are considered a white-hat hacker.
There are 3 types of hackers: White, Gray and Black Hat Hacker
White Hat Hacker
A white-hat hacker would be considered the ‘ethical’ hacker. They are hired through a company to test the security of their business. The company will often instruct the white-hat hacker to attempt to hack into their systems in order to see if their systems are exploitable. The white-hat hacker will do everything that a black hat hacker would do to attempt a breach. Now, instead of stealing the information that was obtained through the hack attack, the white-hat hacker will disclose this information to the companies developer which would allow them to patch the vulnerability.
Black Hat Hacker
Black-hat hackers violate many laws and regulations without caring. These are the types of hackers that violate security for their own gains. These hackers will steal credit card information, social security numbers and other personal or sensitive data that they can get their hands on and exploit for their own use. These hackers can also use malicious viruses against organizations that can crash their whole enterprise. Black-hat hackers are the hackers that the media likes to portray a lot since they are the ‘evil’ ones.
Gray Hat Hacker
A gray-hat hacker is neither a white-hat nor a black-hat hacker. They won’t attack systems for their own gain but they will commit crimes unethically to prove a point. A gray-hat hacker may exploit a vulnerability and instead of reporting it to the developer or company, they will expose the vulnerability publicly.
If you would like to have a Certified Ethical Hacker test the vulnerability of your organization or business, please contact a GraVoc representative.
In this blog post, we provide five cybersecurity awareness tips for employees to help them practice better cyber hygiene and defend sensitive data.
Click here to access KnowBe4’s FREE Resource Kit containing resources to share with employees throughout Cybersecurity Awareness Month!
We explore the top 3 red flags of phishing that businesses & employees should be aware of in order to recognize & mitigate a threat.