While hacking is ordinarily considered an illegal activity, ethical hacking involves
companies hiring highly trained cybersecurity experts for the express purpose
of infiltrating their computer networks, systems and web applications. The logic behind
these simulated cyberattacks is that they enable organizations to preemptively uncover
vulnerabilities, anticipate the antics of cybercriminals and create disaster recovery
plans based on “real-world” conditions.
Upon discovering a vulnerability, such as missing data encryption or cross-site scripting,
these “white hat” hackers must document it and provide the organization with
advice on remediation. A “black hat” hacker, on the other hand, is an unauthorized
intruder who seeks to extract information or compromise a system.
“Ethical hacking starts with curiosity first,” said Anand Mohabir, founder and CEO
of Elteni, a cybersecurity consulting firm. “If you’re a curious person by nature and if you
like breaking things and fixing them from a technical perspective, then it’s probably for
Even though these benign hackers are contracted by companies to perform penetration
tests, becoming a Certified Ethical Hacker (CEH) doesn’t give one license to run amok.
An ethical hack is carefully planned: the hacker enters into a legal agreement
with the company stipulating which systems and applications they’re allowed to
compromise, the start and end times for the simulated cyberattack, the scope of work and
protections against potential liability issues.
“We need to make sure that we have a legal basis to do these things and protect
ourselves from legal recourse,” Mohabir explained. “So it is a very formal process when
it comes to contracting these ethical hacking exercises.”
What are the benefits of ethical
There are three main benefits to ethical hacking.
1. Finding vulnerabilities—Determining which security measures are effective, which ones
need to be updated, and which ones contain vulnerabilities that can be exploited.
2. Demonstrating methods used by cybercriminals—Showing executives the hacking
techniques that malicious actors might use to attack their systems.
3. Preparing for a cyberattack—Anticipating cyberattacks and buttressing weak spots in
the organization’s cybersecurity infrastructure.
How does ethical hacking work?
Penetration testing is a form of ethical hacking that involves attempting to breach
application systems, APIs, front-end/back-end servers, operating systems and more.
Ethical hackers perform a range of penetration tests to determine an organization’s