Ethical hacking, often referred to as ‘white hat hacking,’ is an area of cybersecurity that continues to generate some controversy. Nevertheless, the general trend is positive: having hackers probe for weaknesses within organizations’ architecture and report them so they can be fixed is becoming an increasingly recognized tactic in the fight against cybercrime.
In early November, cloud security firm Artmotion announced its intention to add this capability to its services through the acquisition of Citadelo, a company founded by ethical hackers back in 2006 to identify security vulnerabilities in organizations through simulated attacks.
To discuss this move into the white hat hacking space and the evolution of the field in general, Infosecurity spoke to Mateo Meier, CEO of Artmotion and now a board member at Citadelo.
What persuaded you to pursue the acquisition with Citadelo, and how will it expand Artmotion's offering?
The main aim was to find a company that could challenge our technology and security paradigms, both internally and externally, when clients host their infrastructure in the public cloud. We often hear our clients say something like, “yes, our setup is safe, but is it really?” With a team of 30 hackers, we can answer this question quickly and effectively address any potential security concerns.
Could you explain how Artmotion will now work in conjunction with Citadelo and what the long-term plans are for this partnership?
Although both companies will continue to operate as separate entities, we will work closely together, enhancing each other’s offerings. For example, Citadelo’s ethical hackers will help better secure our clients’ multi-cloud environments, whether it’s on AWS, Azure, or Google Cloud, by attempting to breach it.
As cybersecurity is paramount to digitally transformed companies, we aim to help them fortify their infrastructure by taking a multi-pronged, dynamic and proactive approach. As enterprise security demands evolve, we will grow together to help ensure robust security and regulatory compliance.
To what extent have you observed the use of ethical hacking become more recognized as a way of improving organizations’ security in recent years?
Many years ago, customers had a couple of servers allocated to the same server room. This meant that we had to protect one location and, in some cases, with just a firewall. This was pretty easy compared to today.
Now we see customers using a multi-cloud strategy, which means their CRM may be with a different public cloud provider than their application. Each of those applications interacts with each other, which means many different interfaces, creating significant risk.
To sum it up, because applications are no longer in a single system and are hosted on different platforms that interact with each other, hackers see many opportunities to find and exploit vulnerabilities.
So, to cover all bases and secure your infrastructure, you have to think like a hacker. This makes ethical hacking the only proactive approach that helps companies stay a step ahead of bad actors. From now on, I can only see white hat hacking growing in importance for small and medium-sized businesses and multinationals.
Has this method become more important since the start of the COVID-19 pandemic, especially in regard to cloud infrastructure?
Yes, security, in general, has become vital, especially when customers are dealing with sensitive data. A home office usually means less structure and less secure infrastructure. That is why our revenue grew during the COVID-19 pandemic. This was because our customers needed to protect their employees working from home.
Have the ways in which ethical hacking is conducted evolved in recent years, and how do you expect this field to change in the future?
Hacking is continuously evolving. As the latest technologies are introduced, new hacking techniques emerge with them. The basic principles are the same, the applications are new, but their efficiency is rapidly rising.
Cloud services in general, IoT, wearables, IIoT, ICS, SCADA and connected cars are all targets. So now we see these technologies getting more attention from both white hat and black hat hackers.
New generations of junior software developers and system administrators are in the field, and they learn through failure. That is okay for them, but it is terrible for the security industry. There is a vast space of software building blocks such as frameworks, libraries and novel programming languages that are repeatedly attacked. So, companies will have to respond to that threat with the help of ethical hackers.
The future will bring even better tools for both sides. Both the attackers and the defenders are producing more robust tools. Both sides are adopting machine learning. It is a game of cat and mouse, and it will continue to be endless and relentless.