Ethical Hacking vs Cyber Security
Updated: Apr 23, 2020
Part of being a Cisco Champion involves outreach: being part of the community to help and inspire others to find their passions in the technical world. It was in one of these outreach groups that I came across a simple question:
“What’s the difference between Cyber Security and Ethical Hacking?”
The simple truth is, Ethical Hacking is a part of Cyber Security.
As a Cyber Analyst, it is my job to find the best solution for my client. In some situations that is reviewing policies and procedures. In others, it’s breaking in, whether through technology, physically, or using social engineering to convince targets to give access. Further still, I have worked completely remotely, just investigating open-source information.
Cyber Security isn’t one set thing; it’s a rainbow of skillsets, tools, and passions – often combined to make the most effective secure environment. Consider the IT help desk validating your identity before resetting a password. Think of the software installed on your devices monitoring for suspicious code or websites. Did you know that companies hold something called a risk register, where they record all the notable risks to the organisation and how they address them?
Ethical Hacking, by contrast, comes at things from the offensive side, whether by taking action or by viewing systems from a "what can I make this do?" point of view. The ultimate goal of Ethical Hacking is to highlight the vulnerabilities real-life malicious actors can exploit, before they do. Yes, it's fun. Yes, it can be "hacking" software, deploying phishing campaigns, gaining access to a building - but it's a piece of a much larger picture.
Cyber Security is the umbrella that covers both the blue (defensive) and the red (offensive), packaged together to create a holistic solution to keep you and your sensitive information safe.
No environment is 100% secure, and there is absolutely no way an organisation can remove all risk. The goal of Cyber Security, of which Ethical Hackers are a part, is to lower the risk to acceptable levels and implement controls to mitigate impact.
Interested in understanding more terms? Check out Ideas for Testing, where I look at different terms used and often confused.