Ethical hackers make an inside job of it
Brage and Daniel are ethical hackers. They are skilled in finding ways through the digital defenses of businesses and organizations. Their motivation is to set things right.
Hackers come in (at least) two categories. Those that wear a black hat will be out to do harm – either for financial gain, to target enemies or opponents, or simply to cause havoc.
White hat hackers start out with entirely different intentions – they are mainly triggered by a desire to identify security flaws – which they then report on – so that organizations can take steps to bridge any security gaps. Our guys are in white.
Both got involved when they were still in school – alongside friends with similar interests. There was a YouTube community where tips and stories of the successes of others provided inspiration. Today, they have made their hobbies into jobs.
Daniel: “I was starting to get into this – and at one point I discovered an error in one of Telenor’s systems. I pointed this out to them – and they quickly picked up on what I showed them. Then I received an unexpected invitation to meet with them – and with one thing leading to another, I was offered a job. So that’s my somewhat unusual pathway to joining Telenor.”
Today he is part of the security community at Telenor Norway – and his skills are constantly applied to ensure that we continue to stress test our own systems. An important part of that is “penetration testing”, to uncover any weaknesses or vulnerabilities so they can be rectified.
Brage is part of Telenor Cyberdefence, which is set up to deliver cloud-based Managed Security Services in the Nordics. The company is still in an early phase – but the demand in this sector is growing fast, and they are already one of the leading providers of penetration testing in Norway.
But how well prepared are Norwegian and Nordic companies to meet emerging threats? “I think it is fair to say that there is room for improvement in many areas. In the financial sector they have, for good reasons, come quite far, but other sectors are less well prepared. Also, the reporting mechanisms are often poor, which means we aren’t very good at learning form the incidents that do occur.”
A few years back there was a large-scale attack on one of Norway’s leading companies, Norsk Hydro. This clearly rattled the Norwegian business community – and in the wake of that incident many were upping their budgets and mobilizing to get their defensive lines in better shape,” says Daniel.
“But when you are under pressure to act fast you are often less sure that the measures you put in place are fit for purpose. Regrettably, this is an area where you need to be prepared to meet rapidly changing threats. My advice would be to anchor this effort at CXO-level and accept that this is an area that will need vigilance and continuous investment,” adds Brage.