According to security lecture Keren Elazari, at the SecTor conference, ethical hackers can help companies improve their cyber security.
Elazari provided an overview of current cyber security challenges, including unauthorized extraction cryptocurrency, of the attacks ransomware, phishing SMS and problems with weak and reusable passwords.
With unauthorized cryprocurrency extraction, also referred to as crypto-jacking, attackers have gained by introducing code into systems, according to Elazari.
Another issue mentioned by Elazari at SecTor is that companies need to do better work than passwords, which are at the center of many data breaches. Passwords are commonly reused, he said, which is a real problem, given the large data breaches in recent years, including 2012 LinkedIn.
Instead of using passwords that attackers can break, Elazari supports the use of passphrases that may be more difficult to guess third parties, while at the same time it is easier to remember them.
Attackers are also increasingly using automation tools such as the new AutoSploit tool. AutoSploit is integrated into Shodan's search engine, which can help pinpoint potential targets. AutoSploit is also integrated in the Metasploit Penetration Testing, for automatic activation of farms for vulnerable targets identified by Shodan.
Elazari also noted that while artificial intelligence can help, the challenge of cyber-security requires some human intelligence. To this end, he suggests that organizations should create a strong security culture that embraces the ethical hackers' mindset.
This mentality, which includes hackers as a security measure, also involves attracting them through bug bounty programs. With these programs, hackers are encouraged and rewarded when hacking systems, with the ultimate goal of improving security.