If I can hack you then black hats can do it too - William Wright

In the world of cyber, hackers take many different forms. There are black hats who use the web as their playground to commit crime, but there are also the white hats who hack organisations for good. Rather than hacking to find weaknesses and monetise them, ethical hackers hack to help organisations improve the security of their systems.

In my job, I wear a white hat. I’m one of the good guys and also Scotland’s first ever chartered ethical hacker (Chartered Cyber Security Professional).

From my penetration testing business in the Outer Hebrides, I run assessments on organisations’ networks to help them identify weaknesses so they can be secured before criminals exploit them maliciously.


In my experience, every organisation possesses weaknesses that criminals can exploit. They find them using automated hacking tools and then launch devastating attacks from anywhere in the world.

Weak passwords give hackers a way in (Picture: stock.adobe.com)

This simplicity and convenience is why cybercrime is thriving.

Forget crowbars and balaclavas; the keyboard has become today’s weapon of choice, and criminals are hooded by the cloak of the web. They can break into an organisation’s network, steal its most valuable assets, then slip away completely undetected, without so much as a shattered window (a physical one, at least).

Given my position on the cyber frontlines, what advice do I have for businesses to help secure their systems from black hats?

Weak passwords

Everyone knows the risks of using weak passwords, yet they still plague organisations today.

A criminal only needs to compromise one valid password to access a corporate network, so when employees use easy-to-guess passwords or the same password across multiple accounts, they can deliver big returns for criminals with very little effort.

To counter password problems, organisations must adopt policies where employees are forced to use complex passwords that are at least 12 characters long and a mix of letters, numbers, symbols and capitals.
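The policy described above is concrete enough to enforce in code. The following is an added illustration, not code from the column or from the author's company: it checks a candidate password against the stated rules (at least 12 characters, mixing lowercase letters, capitals, numbers and symbols) and reports every rule it fails, so the feedback tells the user what to change rather than just rejecting the password. The symbol set is assumed to be ASCII punctuation, since the column does not define "symbols".

```python
import string

# Policy values taken from the column's advice: at least 12 characters,
# mixing letters, numbers, symbols and capitals.
MIN_LENGTH = 12

# Assumption: "symbols" means ASCII punctuation; adjust if your policy differs.
SYMBOLS = set(string.punctuation)


def check_password_policy(password: str) -> list[str]:
    """Return a list of policy failures; an empty list means the password passes.

    Each failure is a short, user-facing reason so a self-service reset page
    can tell the employee exactly which rule was missed.
    """
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        failures.append("no capital letter")
    if not any(c.isdigit() for c in password):
        failures.append("no number")
    if not any(c in SYMBOLS for c in password):
        failures.append("no symbol")
    return failures


def audit_passwords(candidates: list[str]) -> dict[str, list[str]]:
    """Check several candidates at once, mapping each to its failure list.

    Useful when reviewing a batch of proposed passwords (for example, during
    an onboarding script) before any of them is accepted.
    """
    return {pw: check_password_policy(pw) for pw in candidates}


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for pw, problems in audit_passwords(
        ["password", "Summer2024", "Tr0ub4dor&3xtra!", "correcthorsebatterystaple"]
    ).items():
        status = "OK" if not problems else "FAIL: " + ", ".join(problems)
        print(f"{pw!r}: {status}")
```

A policy check like this is the minimum; it says nothing about whether the password has appeared in a known breach or is reused elsewhere, which is the other half of the column's point and needs a separate check against a breached-password list or a password manager.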

Using Multi-Factor Authentication also provides serious improvements to defences, because even when one password is lost or stolen, criminals need to pass another authentication layer before they access systems.

Unpatched software


No piece of software is ever created perfectly, so product vendors will always release patches to fix issues. These must be applied quickly after release, because the longer unpatched bugs exist, the more time criminals have to exploit them.

In 2023 the digital world suffered a domino-style attack following the discovery of the MOVEit vulnerability. The bug hit organisations across the world, costing millions in losses.

Organisations must strive to avoid similar incidents by keeping their systems up-to-date and patched.

Legacy equipment

Legacy equipment is hardware or software that an organisation keeps using long after its sell-by date. Because it’s old, it often no longer receives security updates, which leaves it ‘buggy’ and easy for criminals to target.

Not all legacy equipment can be updated easily, but organisations should pull together plans for upgrading it. Until upgrades take place, it is essential to segregate old technology from sensitive areas of the network and layer it with cybersecurity tools to prevent unauthorised access.

From my experience, these are the issues that frequently cause security problems for businesses.

Do any of these issues impact your business?

Fix them now, before it’s too late.

William Wright, CEO of Closed Door Security
