The cyber security industry has always relied on hackers to find and reveal vulnerabilities in systems. Those who do so constructively, giving companies the information they need to patch these vulnerabilities, are known as white hat hackers. But can any hacker truly be trusted?
White hat versus black hat
The difference between white and black hat hackers lies not in their skill sets but in their intentions. White hat hackers use their skills to breach security systems, just as their black hat counterparts do. However, while black hat hackers act maliciously and frequently harm others for their own personal gain, white hat hackers have different goals.
Essentially, a white hat hacker breaches a security system in order to improve it. White hat hackers use their full skill set, which can include breaking and entering, social engineering and, of course, software penetration, to attempt to breach security. Often, their testing takes place without the majority of an organisation being aware that a security review is under way.
There are also white hat hackers who engage in penetration testing and attempted security breaches without the knowledge of anyone in an organisation, with the full intention of disclosing their methods for the greater good of the company’s cyber security policies. However, this is illegal in many regions.
Are white hat hackers trustworthy?
By definition, a white hat hacker is a hacker whose intentions are good and who behaves in an ethical fashion. However, distinguishing a true white hat hacker from a black hat hacker isn’t always simple. There have been incidents in which a black hat hacker posed as a white hat hacker in order to create a distraction or gain restricted access to a system.
Hackers and cyber security experts are not, in and of themselves, more or less trustworthy than other types of employees and consultants. However, as with all employees who will be granted special permissions and access to restricted information, it’s critical for companies to choose security consultants who can be trusted.
Carefully looking into the background of any employee or consultant who is to be granted the level of access required to conduct penetration testing or an overall security review is extremely important. The job description “hacker” doesn’t indicate that a person isn’t trustworthy, but careful verification is still required.