Is Ethical Hacking Justifiable? The Pros and Cons

Is teaching offensive hacking skills ethical? Isn’t this akin to handing loaded guns to learners? Is ethical hacking justifiable?

Proponents argue ethical hacking helps detect computer system and network vulnerabilities before malevolent hackers exploit them. Opponents say ethical hacking tools can be misused to inflict harm and that companies misuse it as a quick-fix option instead of proper security testing during product development.

Let’s explore both sides of the argument by looking at what ethical hacking is and why it can be controversial from either perspective, starting with how ethical hackers help organizations defend against cyber threats.

Backview of ethical hackers pointing on screen

Reasons Why Ethical Hacking Is Ethical

Breaking into a system to test its security isn’t new. Automobile crashworthiness testing dates back decades. Ethical hacking is nothing more than making this approach applicable to internet security. It’s an invaluable tool for proactive security, and it’s expected to create 3.5 million jobs globally by 2025. Ethical hacking can be justified for the following reasons, among others:

1) Identifies Vulnerabilities In Computer Systems And Networks

Ethical hackers believe the best method to defend a system is to probe it to uncover security issues before malicious hackers do.

Ethical hackers employ proof-of-concept attacks to exploit system and network vulnerabilities. This gives organizations the opportunity to identify and patch up missing security patches, misconfigurations, software flaws, and other system weaknesses that could be targeted by attackers.

2) Reveals How Security Concious Employees Are

When ethical hackers are gathering information about their target organization, they may use social engineering techniques and try to gain access to the system by asking employees for information.

This can help an organizations discover how well their employees understand security and if they are truly following the correct procedures when it comes to protecting confidential data.

3) Assesses The Company’s Public Information

Ethical hackers try to simulate how an attacker who doesn’t know anything about a system would try to break into it.

In doing so, they search the entirety of the internet and compile data about the target organization from various public databases. If this information can be used to construct a password dictionary that can brute-force the organization’s systems with success, then the organization needs to take steps to protect itself better.

4) Ethical Hacking Is Authorized

Penetration tests are performed cooperatively with the organization’s staff. The company allows the ethical hacker to intrude into its systems and launch simulated attacks to test for known vulnerabilities. The ethical hacker must work within the company’s parameters and report back on corrective patches.

5) Ethical Hacking Provides Insurance and Assurance

Penetration tests provides organizations with the assurance that their systems and networks can resist attacks. Also, they harden a system against malicious attacks and may even reduce the cost of cyber insurance policies.

Despite these justifications for ethical hacking, some people still consider it unethical.

Is ethical hacking justifiable? The pros and cons

Reasons Why Ethical Hacking May Not Be Justifiable

There are those who oppose ethical hacking on the grounds that it can be used for malicious purposes and that companies don’t always use it responsibly. Here are some of the potential issues with ethical hacking:

1) Misuse Of Tools And Technology By Hackers

The tools and techniques used by ethical hackers to penetrate systems have a dual nature. They can be a foe in the wrong hands, causing system damage and unauthorized access to confidential data. 

2) Can Be Used As A Quick-fix Solution

In most cases, the time-to-market pressure is so great that many businesses don’t pay enough attention to security during development or products. As such, they may rely on ethical hacking as a quick-fix solution to harden their software instead of investing in proper security measures during the development process.

3) Risk Of Non-Authorized Hacking

The risk of non-authorized hacking is always present, even when ethical hacking is being used. Without proper security controls in place, malicious hackers can find their way into the system and exploit its weaknesses.

4) Limited Scope Of Testing

Penetration testing does not cover all potential vulnerabilities and attacks that a system could face. It typically focuses on the most common types of known attacks, so some security issues may be overlooked, and real attacks may exploit vulnerabilities that have not been publicized.

5) Security Firms Have An Incentive To Hype Threats

Ethical hacking firms are paid to find potential vulnerabilities, so some of them may be tempted to exaggerate the threats posed by those vulnerabilities.

Despite these drawbacks, ethical hacking remains an important tool for organizations to use in order to maintain their cyber security.

Ethical hacker drawing a security defence strategy for the organization

Security Recommendations By Ethical Hackers

Ethical hackers can help organizations protect their systems by providing security recommendations that should be taken into consideration when building, deploying and managing computer networks and systems. Some of the most common recommendations include:

• Regularly patching systems against known vulnerabilities: Keeping up with software updates and patching is an important measure in protecting your system from the latest known threats. 

• Installing firewalls to limit exposure of services: Firewalls can provide an effective layer of security by filtering incoming and outgoing traffic. It can limit what outsiders see, or have access to.

• Block Scans: Organizations should also consider blocking scans from external sources to prevent attackers from gathering information about their systems.

• Educate employees: Regularly training employees about security best practices helps to create a security-conscious work culture.

Final Thoughts

Ethical hacking is a controversial but necessary field. While some people argue that it is unethical to teach others how to hack, the truth is that ethical hackers are vital in helping organizations protect themselves against cybercrime. If you’re interested in learning more about ethical hacking, be sure to check out LinkedIn Learning’s ethical hacking learning path.

Mike Chu

Mike is a web developer and content writer living as a digital nomad. With more than 20 years of devops experience, he brings his "programmer with people skills" approach to help explain technology to the average user. Check out his full author bio by clicking here.

Recent Posts