http://biz.thestar.com.my/news/story.asp?file=/2002/10/30/business/yvword&sec=business By Yvonne Chong October 30, 2002 AS computer system security becomes an increasingly major concern for businesses and governments alike, organisations can look to hiring ethical hackers to uncover their systems' vulnerabilities before the hackers do. To prevent the growing legions of hackers from crippling an or- ganisation's business operations and destroying their profit margin, local businesses must learn to think and act like hackers, said Wordware (M) Sdn Bhd managing director Wilson Wong. "Before companies can understand today's security threats, they need to know how hackers select and exploit companies' vulnerabilities, how to eliminate those vulnerabilities, and the counter measures available," Wong said at a seminar on Ethical hacking and counter-measures in Kuala Lumpur yesterday. Known in Malaysia as "penetration testing engineers" as opposed to the more controversial term "ethical hackers", these professionals who are skilled in all the hacking tools and counter measures are a relatively new breed here. Wong noted that the awareness level of the imminent and actual threats of hacking was low, particularly among the small- and medium-sized enterprises (SMEs), which formed the bulk of local companies. Many organisations are un- aware that hacking tools are readily available on the Internet to be downloaded. These tools can be used to steal database, including credit card and other personal details, and sensitive or confidential company information. A hacker need not even know any programming language to use the tools to cause serious damage to a company that is not adequately protected. Some 3,000 cases of cybercrimes and Internet security breaches were reported in Malaysia from August 1997 and July 2002. Wordware vice- sales and marketing president Sanjay Bavisis said the fear was not so much of having one's website defaced with big bold "You've been hacked!" or the logo replaced with pornography, because then the organisation would know it had been hacked and do something about it. "It's when everything seems to be just the way they were. But behind that, your data had been compromised, stolen and altered, some software implanted in your system that transmit all your secrets out ... and you are not even aware of it," he said. Wordware and US-based International Council of E-Commerce Consultants (EC-Council) recently introduced "Ethical hacking and counter-measures" as an e-business qualification in Malaysia. Candidates who pass the programme would be accorded the title "Certified Ethical Hacker" (CEH). The seminar was attended by over 300 professionals from the banking and finance industry, IT and telecommunication sectors, students and human resource managers. Topics covered included Hacker ethics: Are there any ethics?, legal implications of hacking, computer crime and punishment, hacking and protecting your Windows 2000 OS and hacking and protecting your dial-up, voicemail and VPN. Wordware has 26 authorised training centres nationwide to teach and train students in the course, among other e-business courses. "Each centre plans to have 10 to 20 CEH trained every month," Wong said. While the profession was slowly gaining momentum here, the growing trend in US companies was to groom their own ethical hackers, said EC-Council technical director Haja Mohideen. "There's now a new title: chief hacking officer (CHO)," Haja said, adding that it was only a matter of time when the same trend came to Malaysia. CHOs are a breed of ethical hackers that have mastered all the hacking tools and know all the counter measures. They are not involved in providing security for the company but their role is to find all the gaps and loopholes in an organisation's system, somewhat like the final checkpoint in the system's quality control, according to Haja. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Oct 31 2002 - 08:57:01 PST