Working with Hackers to Gamify, Resolve IT Security Risks

Every industry faces data security challenges: Hackers want information, and businesses want to protect it.

Employing data management solutions, real-time monitoring and algorithms to predict future vulnerabilities are often used to help organizations manage external IT threats. But even these high-tech solutions aren’t foolproof. Health and banking information, social security numbers, and IDs and passwords continue to escape from what were thought to be secure IT systems.

Breaches = Negative Business Outcomes

One survey found 76 percent of U.S. adults would not do business with companies that had a high number of data breaches. And 22 percent of organizations with a data breach reported losing customers. Every company impacted by this issue reported losing income: 38 percent said they saw a “substantial loss of revenue.”

In 2016 there were more than 1,000 data breaches in a variety of industries, a 40 percent increase over the previous year. The “business” sector had the most leaks (45 percent) with “health/medical” coming in second with 35 percent of the total. While most industries—government, education, banking—remain in the 10 percent or less category for data breaches, the health and medical industries have an unhealthy history of data loss: 30 percent or more for the last nine years.

In 2015, more than 700 million pieces of data were lost or stolen.

Public Humiliation

Social media allows us to publically humiliate anyone at any time. Hacked companies are frequently shamed when a data breach occurs, but a new organization is looking to hold organizations, and the software they create, accountable before a breach occurs.

The organization is still in its infancy, but the plan is to score everyday software—word processing programs and internet browsers—on whether they’re hack-proof, as reported by the MIT Technology Review.
Consumers who use this information would have a better idea of their personal, online vulnerability. And companies producing easily-compromised software would be outed before you use it.

Even so, external hacking of companies will continue.

Gamification Helps Protect IT Systems

Hacking is the most-used method to steal data, far outranking employee theft, incidental loss, accidental exposure via email or the internet or physical theft. Hacking accounted for 56 percent of all data leaks in 2016. This method of infiltration grows substantially every year as the technique most often used to illicitly gain access to private information or to potentially shut down operations in the physical world.

So it makes sense to use the opposite of black-hat hackers—white-hat hackers—to secure data.

Somewhat out of the IT security mainstream is white-hat hacking, the concept of paying hackers to locate vulnerabilities in an effort to plug leaks before a real hack occurs.

Not all organizations are ready to let a hacker, even a white-hat hacker, probe their IT systems to improve security. Stigma and concern remain: white-hat hackers may be tempted to manipulate the systems they’re being paid to protect.

Still, more and more companies use this technique to enhance security. Some of the biggest organizations in the country sponsor hack-a-thons to find vulnerabilities. Hack-a-thons gamify the data security process with the potential of getting many white-hat hackers involved by offering financial rewards. In addition public competitions, white-hat hacker companies will take a more discrete look at a business’ infrastructure.

The U.S. Army, U.S. Air Force and the Pentagon used the former approach when asking white-hat hackers to check public-facing websites for flaws. (A 17 year old—impressive and frightening at the same time—found the most weaknesses during this government-sponsored exercise.)

White-hat hacking isn’t yet among the most popular solutions to manage IT security, but it’s becoming more mainstream as large companies implement the solution in an effort to stay ahead of hackers. As an active way to infiltrate and protect IT systems, white-hat hacking may be among the best solutions and is certainly the most “real-world” of any available.
Blog Comments

Blog post currently doesn't have any comments.
 Security code

TriZetto Provider Solutions® Powered by Cognizant

We help physicians, hospitals and health systems simplify business processes and get accurate payments quickly. We will always look for new ways to help you improve revenue and increase cash flow. We will stay ahead of regulatory changes so your office will never struggle to keep up. All so you can focus on the one thing that really matters: doing what is best for your patients.

Learn More