Trust or Trust Fund

Source:https://pixabay.com/en/computer-security-padlock-hacker-1591018/

If I were to hire a hacker to handle or prevent certain cyber security issues on my company’s network, what are the benefits and the risks? Would it be worth it? This security question is at the forefront of many IT decisions when companies are faced with continual cyber attacks, frustrated IT security personnel, and seemingly exorbitant cyber security consultancy rates. The decision to commit to an expensive security firm seems to be a waste of resources compared to hiring the hacker with the expertise to repeatedly break that firm’s security systems at a much lower cost. However it is not quite that simple.

Will the rat protect the cheese?

Source: https://commons.wikimedia.org/
wiki/File:Hacker_Inside_Logo.svg

Hiring a hacker can be compared to hiring a specialist. Few people have as much proven experience finding and exploiting weaknesses in a security system as does a hacker. Few people would know what is required to reinforce that system against such attack. The question is can you trust such an individual to access your system. What is to stop that hacker from exploiting your system even though he is a part of the company. With background checks out the window, since he is a criminal / ex convict will clients be happy knowing their data, money and security are in his hands? How do you reassure them that he is truly reformed?

When the hack is inevitable

Source: https://timedotcom.files.wordpress.com/
2016/03/hacker.jpg

Very often the cyber security issues can be daunting and overwhelming when added to the everyday work of the IT department. A hacker on the team could be a dedicated resource focusing on cyber security issues and bringing strategic and specialized security expertise to the table. The prospect of having an expert on board is enticing but is it worth the risk of future exposure that is inevitable in the ever adapting cyber crime environment. Why risk hiring a criminal to protect against attack when attack is basically unavoidable. Is the possibility of mitigating that risk worth the exposure?

Tread lightly

Source: https://bit.ly/2I8WJh4

The truth is that there are basically no quick fixes for cyber security and by extension hiring a hacker or even a security firm for that matter. Special policies and security arrangements will have to be made to manage such a setup. It would be unwise to treat cyber security hires as just another employee since their power and access will be far greater and the capacity to harm more serious. It is undeniable that the expertise of a hacker often far outweigh that of the IT security employee, however this expertise is usually limited to search and destroy activities and do not necessarily include build and protect.

References

  1. Reddy, C. (2019, February 8). Top 10 Pros and Cons of Hiring Hackers to Enhance Security. Retrieved from wisestep.com: https://content.wisestep.com/top-pros-cons-hiring-hackers-enhance-security/
  2. Sangronis, G. (2017, April 04). Hiring hackers to improve security, good or bad? Retrieved from WordPress: https://gsangronis.wordpress.com/2017/04/04/hiring-hackers-to-improve-security-good-or-bad/