(CBS) — It seems like every month we hear about a huge data breach, our credit card numbers and other important information in the hands of crooks. Now more companies are hiring hackers to help them protect their customers.
Chris Martinez shows you how these hackers work.
Computer systems are under constant assault and the bad guys have scored some big wins lately.
JP Morgan Chase had 76 million accounts breached, Home Depot 56 million and TJ Maxx 45 Million, along with smaller data thefts at Target, Nieman Marcus and Dairy Queen.
“Companies want to stay out of the headlines. They don’t want to be the next big data breach,” said Jay Kaplan, a security expert.
That’s why they invest in their own elaborate security measures, but it isn’t always enough. Now many are turning to hackers for help.
White hat hacker Anshuman Bhartiya works out of his apartment.
“Some days I can find four or five issues in a couple of hours,” he said.
Matthew Jakubowski, also a white hat hacker, works out of a small, newly created lab at Chicago-based information security firm, Trustwave.
“Instead of us stealing the data, we’re telling you what we’re able to access and how to prevent us from doing it in the future,” he said.
Jakubowski figures out how black hat hackers can penetrate a company’s security defenses.
“Penetration testing is… taking advantage of those flaws or holes… and then trying to find the sensitive data such as cardholder data or personal information,” Jakubowski said.
He’s been very successful.
“Over the last five or so years, I’ve been able to probably get into about 480 systems and get access to that sensitive data,” he said.
Security expert Christien Rioux runs Veracode.
“You need to think like the attacker, if you’re ever going to outsmart them,” Rioux said.
Kaplan, who runs Synack – a firm that employs hundreds of white hat hackers, agrees.
“They’re really trying to help companies understand what their problems are and shine a light on those issues,” Kaplan said.
Even colleges, like the University of Southern Maine, have started teaching classes in how to hack. They’re cultivating the next generation of cyber security experts.
“Security is a problem that is never going to go away completely. But it’s a fight that needs to be fought. There needs to be a white hat for every black hat,” Rioux said.
Companies spend about $100 billion on cyber security efforts now. That’s expected to grow to about $160 billion over the next few years.