Cyber Security
Hacking your own company:
Before the bad guys do it for you
F By CF Fong CEO of LGMS IDG’s CSO of The Year 2013 Cyber Security Professional of The Year 2016
or some of us who are familiar with the term ‘Hacker’, we understand the general public’s perception about what they’d imagine Hacker could do - usually towards a more negative way. The mass media too, often portray hackers are the executioner of all evils in the cyber space. In the real world we are living in, there are a group of individuals, who are having good intention in mind, carrying out the mission to ‘hack’ for a good reason and purpose, we would call them the “White Hat Hackers”. In contrary to common believes, White Hat Hackers do carry out penetration testing or ethical hacking, just like what the malicious hackers do, however, White Hack Hackers done so, with the sole objective to discover vulnerabilities in the test target, report vulnerabilities, and provide recommendations and advisory to the target owner.
Penetration Testing in Malaysia White Hat Hacker services are nothing new in Malaysia. Major financial institutions and telecommunication operators in Malaysia do engage trusted security firms
30 | Australian Cyber Security Magazine
that are offering White Hat Hacking services for decades. The engagement frequencies are usually based on risk acceptance of the organizations themselves. With the pro-active discovery of loopholes and vulnerabilities, organizations can stay abreast about the latest cyber threats and be able to become vigilant in combating malicious hacking attempts. A good example is the recent “WANNACRY” Ransomware attacks. WANNACRY Ransomeware is targeting vulnerable and outdated Microsoft Windows systems to encrypt files and replicate itself to new targets. Pro-active Organizations which have been conducting regular penetration testing and vulnerability assessments would have had these outdated Windows systems identified during the testing and assessment exercises. Chances are, they may have already got these system decommissioned or patched up prior to the WANNACRY Ransomware pendemic.
What is Vulnerability Assessment There are still much confusion between “Penetration