
Inside the booming $300bn ‘hackers for hire’ industry

In the high-stakes game of cybersecurity, ethical hackers are proving that sometimes, it takes a hacker to catch a hacker – and business is booming


In corporate cybersecurity, a new breed of digital mercenaries is turning the tables on cybercriminals – and business is booming.

On a typical Tuesday morning, as employees of a global financial services company logged in to start their day, none suspected that their routine was about to be shattered. Within hours, the company would discover a massive data breach, exposing millions of customer records. The culprit? A simple SQL injection vulnerability that had gone undetected in their web application.

This catastrophic scenario, shared by Ezzeldin Hussein, Regional Senior Director of Solution Engineering at SentinelOne, is not just a cautionary tale. It is a stark reminder of the ever-present digital threats facing businesses today – and a powerful argument for the rising industry of ethical hacking.

Welcome to the world of ‘hackers for hire,’ a burgeoning sector where skilled professionals are paid to break into systems, not to steal or destroy, but to expose vulnerabilities before the real criminals can exploit them. This is the realm of ethical hacking, a field that is rapidly reshaping how businesses approach cybersecurity.

Evolving threats

“Cyber threats have moved from basic malware and phishing schemes to sophisticated, targeted attacks, often orchestrated by nation-states or organised crime groups,” Hussein explained.

This evolution has created a pressing need for companies to stay ahead of potential attackers, leading to the rise of ethical hacking as a critical component of cybersecurity strategies.

The threats businesses face today are far more complex and potentially devastating than ever before.

“Companies and high-profile individuals now face advanced persistent threats (APTs), ransomware with extortion tactics, deepfakes, and supply chain attacks,” Hussein told Arabian Business.

These threats exploit vulnerabilities in emerging technologies like IoT, AI, and cloud services, creating an ever-expanding attack surface that traditional security measures struggle to protect.

The rise of remote work has further complicated cybersecurity matters, making the role of ethical hackers more critical than ever when it comes to proactively identifying and mitigating risks.

The global market for ethical hacking is projected to reach $300 billion in 2024, according to reports.

At its core, ethical hacking involves authorised attempts to identify and exploit vulnerabilities in systems, networks, or applications. Ethical hackers, also known as white-hat hackers, are employed by organisations to simulate cyberattacks by mimicking the tactics used by malicious hackers.

“They start by gathering information about the target system, followed by scanning and analysing it to identify potential weaknesses, such as outdated software, misconfigurations, or weak passwords,” Hussein said.

This process doesn’t stop at identification. “Once vulnerabilities are found, ethical hackers exploit them to assess their impact, often using tools and techniques similar to those used by cybercriminals,” he added.

“They document their findings and provide detailed reports, including recommendations for remediation.”


The ethical hacking arsenal

The toolkit of an ethical hacker is diverse and constantly evolving. According to insights from CovertSwarm, a company specialising in ethical hacking services, common requests from clients encompass a wide range of specialties.

These often include network hacking, web application hacking, system hacking, and password cracking. Each plays a crucial role in identifying potential vulnerabilities within a company’s digital infrastructure.

Network hacking assesses the security of wired and wireless computer networks, while web application hacking focuses on analysing applications for vulnerabilities such as SQL injection or cross-site scripting (XSS), common attack vectors for cybercriminals.

System hacking identifies vulnerabilities in computer systems, operating systems, and software. Password cracking, while sounding nefarious, is a vital service attempting to gain unauthorised access to user accounts to expose weak password policies.

In addition, ethical hackers now routinely evaluate email systems to identify vulnerabilities that could lead to data breaches or unauthorised access. Wireless network hacking focuses on Wi-Fi and other wireless networks, which are often overlooked entry points for cyber attacks.

Social engineering, an underestimated aspect, simulates tactics that exploit human psychology to gain unauthorised access or information. This strengthens the human element of cybersecurity, which is often the weakest link in the security chain.

And as mobile devices become integral to business operations, mobile application hacking has emerged as a critical specialty, ensuring these portable gateways to sensitive information are adequately protected.

This arsenal underscores that ethical hackers don’t just probe technical vulnerabilities; they also test an organisation’s susceptibility to manipulation and deception, addressing both technological and human aspects of cybersecurity.

The business of ethical hacking

As the demand for ethical hacking services grows, so too does the industry surrounding it. Companies like CovertSwarm are capitalising on this demand by offering subscription-based ethical hacking services that go beyond traditional, periodic penetration testing.

A CovertSwarm spokesperson said the company’s approach provides “continuous red team services,” a model they claim keeps organisations “ahead of cyber threats by simulating relentless attacks that reflect real-world scenarios.” Their fee structure operates on a subscription basis, offering different tiers based on the number of days their team will invest per month to execute attack plans for the client. These tiers typically cover 25, 50, or 100 percent of the days in a month.


This shift towards continuous engagement reflects a broader understanding in the business world that cyber threats are not static but are constantly improving and evolving.

“More organisations are moving towards regular assessments to stay ahead of potential breaches rather than relying on outdated, annual checks,” CovertSwarm told Arabian Business.

Contrary to popular perception, ethical hackers aren’t typically reformed criminals. In fact, the backgrounds of these professionals are often quite conventional.

They can include anyone from technical and IT professionals, software developers, and computer science graduates, to individuals with law enforcement or military backgrounds, academics and researchers in the field of cybersecurity, and self-taught hackers with a passion for cybersecurity.

Many ethical hackers also hold industry-specific certifications such as CREST, CEH, CISSP, or OSCP to validate their skills and knowledge.

Challenges and controversies

The rise of the ‘hackers for hire’ industry isn’t without its challenges and controversies. The term itself can evoke images of digital mercenaries with questionable loyalties, a concern that industry professionals are acutely aware of.

“The ‘hackers for hire’ industry must be approached with caution to ensure that only qualified, reputable professionals are engaged,” said Hussein.

To address these concerns, companies like SentinelOne employ rigorous vetting processes.

“We emphasise reviewing the ethical hacker’s credentials, certifications, and past performance,” Hussein explained.

“We prioritise working with professionals who have a proven track record of success, strong references, and a clear understanding of legal and ethical guidelines.”

Legal and ethical compliance is indeed a crucial aspect of this industry. CovertSwarm said that they adhere to both UK laws, such as the Computer Misuse Act, and US laws, like the Computer Fraud and Abuse Act. They stressed the importance of obtaining “explicit written consent from system owners” and operating “strictly within defined scopes.”


Hackers are getting more sophisticated

Looking ahead, the ethical hacking industry shows no signs of slowing down. In fact, emerging technologies are likely to create new challenges and opportunities for the field.

CovertSwarm predicts that AI will play an increasingly significant role, both as a tool for ethical hackers and as a potential vulnerability to be exploited by malicious actors.

“Companies need to begin thinking about attacking and securing AI systems, as this area is still a relatively unknown territory in cybersecurity,” the company warned.

Other trends on the horizon include an increased focus on insider threats and ransomware.

“Ransomware attacks are not only on the rise but attackers are also expanding their targets to include smaller companies that were previously overlooked,” CovertSwarm said. They also highlight the growing risk of insider threats, exacerbated by the integration of AI systems in business processes.

To combat these evolving challenges, Hussein emphasised the need for a more comprehensive approach to cybersecurity.

“Organisations must develop a consistent culture of security awareness, where every employee understands their role in protecting the organisation’s assets,” he said.

“Regular training, simulations, and updates to security protocols are essential against current and emerging threats.”

The strategic imperative

As cyber threats continue to evolve, so too will the role of ethical hackers.

“Cybersecurity is not just a technological challenge but a strategic imperative,” said Hussein.

Ethical hackers are now emerging as key allies for businesses looking to protect their assets and reputation in an increasingly hostile online environment.

“By staying informed, prepared, and adaptable,” Hussein said, “organisations can not only defend against cyber threats but also turn cybersecurity into a competitive advantage.”

The world of “hackers for hire” may be controversial, but it’s clear that ethical hacking is here to stay.

Tala Michel Issa


Tala Michel Issa is the Chief Reporter at Arabian Business and Producer/Presenter of the AB Majlis podcast. Her interviews feature global figures including former Nissan Chairman Carlos Ghosn, Mindvalley's...