I remember watching old westerns (as reruns, mind you…) when I was younger. It was easy to know where you stood in those days; the good guys were always dressed in white, all the way down to their ten-gallon hats.
Turns out, the metaphor has been applied to a practice that many larger companies have when it comes to securing business data. White Hat Hackers, as they are called, are elite and ethical code-junkies who attempt to break into the files of their employers. And, while your own IT team might stay up-to-date with all the latest spyware, potential dangers, and hacker news in an attempt to protect the business against hackers, maybe they should occasionally attempt to hack through your firewalls, too.
Appreciating the accidental
The practice of attempting to foil your own plans is fairly sound. The reason has to do with the power of happenstance. Friendly hackers can reveal weaknesses in your company’s protocol the same way actual hackers might be attempting to gain entry: by accident.
Typically, hackers succeed in breaching their target because they keep trying things—not because they’ve planned an Ocean’s Eleven-style break-in. The accidental plays a huge role in the hacker’s strategy, which is something most IT Ops personnel aren’t looking for.
By attempting to breach your business’s cyber security, your White Hat can stumble on the same goldmine entrances that hackers might discover. And, just like those old westerns, they can call the cavalry before all the loot is gone.
Crazy like a fox
Another thing that White Hats can do for your cyber security program is to create ingenious anti-hacker protections. Rather than solely relying on out-of-the-box protocols, custom-made security can fit your company tighter than a glove. This method of using a criminal to foil criminals was proven effective when the federal government hired one of the greatest con men in history to help the US Treasury create sophisticated anti-counterfeiting strategies. Frank Abagnale Jr. has developed some of the most impermeable guards simply by reverse engineering his own attempts to counterfeit.
By thinking like a villain, you can create traps where a true hacker might tread because your White Hat just stepped there. Or, in some cases, where you can’t tread might reveal gaps in security that “honest” guards might overlook.
By approaching the firewall with nefarious intent, your White Hat is uninhibited—unlike typical IT personnel—and they can find the breaks in the mesh more easily. Whether custom code is created or not, the fact that the weaknesses of your program are located means you know where to focus your security. And that, for any IT team, is the first step toward preventing an actual breach.