- Inc. Technology - http://technology.inc.com -
A Hacker You Should Do Business With
Posted By Kim Boatman On January 1, 2010 @ 12:00 am In E-Commerce | No Comments
It’s just a USB drive, casually dropped by an employee entrance, in the cafeteria or next to a cubicle. But what happens to that drive can tell worlds about your company’s IT security.
An employee wanders by, picks up the drive and, out of curiosity, sticks it in the computer at his or her workstation. The drive contains infected code that compromises your system.
Evaluating your company’s security vulnerabilities is the first step toward plugging those gaps and preventing costly data losses and security breaches that could compromise both information and your company’s reputation. For some small to mid-size businesses, evaluating security is a requirement of doing business with government agencies, credit card companies or health-related companies.
But utilizing an ethical hacker can make sense for your business even if you’re not required to do so. For a few thousand dollars, an ethical hacker can give you a sense of areas you need to shore up.
“A lot of small business owners think, ‘We’re a small company. Why would anyone want to access my environment?’’’ says Carl Herberger, vice president of information security and compliance for Evolve IP , a managed technology services provider for small and mid-sized businesses. You’re more of a target than you might imagine, asserts Herberger. “It is the small businesses that are frequently entryways to bigger businesses.”
What an ethical hacker does
A robust security check will do more than simply attempt to penetrate your IT system from the outside, advises Tom Kellerman, a commissioner on The Commission on Cybersecurity for the 44th Presidency and vice president of security awareness for ethical hacking firm Core Security . Depending on the level of service for which you contract, an ethical hacker will:
What you’ll pay
The low end of the range tends to be below $5,000, says Herberger. “We’ve done things in the $2,000 to $5,000 range, but the scope is much smaller.” Araujo says the cost could be as low as a few hundred dollars, depending on what you ask an ethical hacker to do.
A mid-size business might pay $10,000 to $15,000, estimates Herberger.
Even small companies are beginning to budget these sorts of security evaluations on an annual basis. “An annual basis would be the minimal standard,’’ Araujo advises. “IT environments tend to change so quickly that the results from a year ago are probably going to change.”
What to consider
Don’t simply turn your enterprise over to an ethical hacker without forming a game plan, says Araujo. Make sure you understand the process, ask the right questions and take these factors into consideration:
“Most organizations right now are hemorrhaging data,’’ says Kellerman. “It’s fundamentally critical to gain great awareness of where your vulnerabilities are.”
Article printed from Inc. Technology: http://technology.inc.com
URL to article: http://technology.inc.com/2010/01/01/a-hacker-you-should-do-business-with-2/
URLs in this post:
 Evolve IP: http://www.evolveip.com/
 Core Security: http://www.coresecurity.com/
Copyright © 2011 Inc Technology. All rights reserved.