KPMG first commented on the growing trend for employing ex-hackers as part of cyber security regimes in business, back in 2014. A recent Radware survey indicated that only 18 percent of respondents did not employ ex-hackers. It seems hard to believe, but 46 percent reported they had had them in place for more than two years and 36 percent said they had installed them in their firms within the preceding two years.

Although the survey would benefit from a larger sample size, if we accept that a growing number of businesses have installed or are installing ex-hackers, we can go on to ask whether this is genuinely the future.

Looking at business culture, you would be forgiven for thinking that many organisations deal with security at arm’s length, trying to solve problems or mitigate risk through buying software and passing responsibility onto single silos, such as IT. Anyone who understands our interconnected world will realise that this is not a sustainable approach.

Is employing ex-hackers another step in this cultural disconnect and wilful ‘hands-off’ approach? Not all organisations are structured this way, and not all will have taken the step lightly or without significant exploration of the possible outcomes. Some, however, will embrace it regardless, potentially without a vital risk assessment and without recording it on the corporate risk register.

In this article we discuss some of the areas of potential concern for businesses considering this as a security solution. It is easy to see the attraction of having an ex-hacker on board, but would you be so quick to hire a convicted money launderer as a compliance manager?

Oct-Dec 2016 Issue

Advent IM Ltd