While ethical hacking is by no means a new or groundbreaking practice, the scale at which organizations and individuals are undertaking such initiatives continues to intensify, especially considering recent events such as the Log4j vulnerability.
Traditionally, ethical hacking is undertaken by organizations who are looking to uncover security gaps which exist within their corporate network and on company devices. It is a process which can help identify areas in need of immediate patching or remediation, ultimately reducing attack surface and keeping company data safe from ill-intended attackers. However, this is only one advantage to ethical hacking. Another benefit is the education and upskilling of cybersecurity professionals.
As someone who has spent the last two decades creating content to help educate the wider cybersecurity community on the latest risks and threats, I can honestly say that one of the biggest challenges that persists in our industry is continuing to accelerate the learning path of cybersecurity professionals, beyond university and self-education. The reality is that cybersecurity textbooks become outdated almost immediately.
New technologies with unique security controls emerge, and cybercriminals continue to grow in number and become more discreet and targeted. That is why we must constantly learn and upskill ourselves to be able to defend organizations against these attackers, and this is where the gamification of ethical hacking can come into play.
Keep IT and Security Teams on Their Toes
Gamified ethical hacking programs and software are instrumental tools for organizations that can help keep IT and security teams sharp and quick on their feet when it comes to identifying and resolving potential threats. Gamified platforms are interactive yet challenging, often requiring participants to think outside of the box. By learning through trial and error, users of ethical hacking platforms often retain skills better than those who participate in textbook training with a series of checkbox exercises.
So, how can organizations use hacking gamification to improve and enhance the skills of their security team?
One of the greatest things about gamified hacking platforms is that they can help improve security skills and experience in specific and highly targeted areas. For example, organizations can plan education tracks in areas such as incident response, Windows privilege escalation, cloud security, and digital forensics or anywhere else where knowledge gaps may persist.
The creation of different internal gamified ‘capture the flag’ type contests for security teams can also help improve the skill set of company developers and SOC analysts. These events can again be tailored to address specific areas. Not only are these events educational, but they also serve as fun and interactive team building exercises.
Another great, yet often untapped, way to use gamified platforms to your advantage is through the recruitment, onboarding and subsequent training process. Gamification platforms can help organizations quickly determine the skills and capabilities of potential candidates, while also providing a cost-effective and resourceful way to train new hires. By simulating vulnerabilities in these controlled, gamified environments, employees can put their skills to the test and practice reducing risks in real time.
Bridge Skill Gaps
As organizations tap gamified hacking platforms to help with their ongoing skills gap, we have also seen hacking become somewhat of an e-sport over the past few years.
Online gamers and streamers on platforms like YouTube are a global phenomenon on social media, with viewers wanting to know their secret techniques for advancing to the next level. Their popularity continues to grow, with top gamers raking in millions in commissions and sponsorships. Hacking is now following a similar path. Some of the world’s top hackers are now streaming their hacking skills online, showing off new techniques and methods for bypassing security, gaining the initial foothold, and then elevating privileges. Hackers are also competing with one another on interactive platforms, searching for L33T status by being on the top of the leaderboard. This is definitely a new trend that will continue to proliferate this year, and we may even eventually see hacking become an EL3T3 Sport in which viewers will pay to watch hackers hack.
Gamified platforms and hacking esports are the future. This will create a whole new way to train and better prepare security teams to deal with future cyber threats as it allows an organization’s security team to practice and learn the same techniques used by cybercriminals. These platforms will also be used to help find talented professionals who will help your organization defend against cyber attacks.
Joseph Carson is Chief Security Scientist and Advisory CISO at ThycoticCentrify.