Career Paper

Justin Schoenle 

Diwakar Yalpi 

CYSE 201S 

November 24, 2024    


Penetration testing, or ethical hacking, is an occupation in which people attempt to infiltrate and gain access to systems and services at the request of the company itself, in order to test its defenses and expose any vulnerabilities. In the online world, cyber security threats are everywhere and can affect everyone, as we are all online in one way or another. This is what makes pen testers so important: exposing these vulnerabilities helps not only the companies that commission the tests but also everyone who uses the service or platform that company provides to the public.

One of the major processes in penetration testing a company involves the exploitation of human factors within that company. In an article titled “Decoding the Human Element: A Crucial Dimension in Ethical Hacking Explored in ‘Social Engineering: The Science of Human Hacking’” by Atharva Thorkar, it is explained that ethical hacking and pen testing are traditionally thought to involve mostly firewalls, encryption, and other technical, system-related things, when in reality social engineering and psychology play a major role in gaining access to systems. Hadnagy, who is the author of the book that Thorkar reviews in his article, states that humans are the “weakest link in the security supply chain.” This is why, in these pen tests, the hacker will often do a lot of social engineering and tailgating with employees at these companies, relying on their lack of training and awareness of threats. Identifying the company’s culture when it comes to threats and threat detection is a crucial step in penetration testing, as understanding the people and the culture will better help you to socially manipulate them to achieve the task you’ve been assigned as a pen tester.

“A Systematic Literature Review on Penetration Testing in Networks: Future Research Directions” by Mariam Alhamed and M. M. Hafizur Rahman, from the MDPI open access journals, goes into tremendous detail on the broader scope of how pen testing and ethical hacking are done and why they are important. One thing that is highlighted in this journal is the fact that as the world becomes more and more “integrated,” cyber threats and the ability to commit these cybercrimes grow exponentially every day. It is stated in the journal that many of these risks and attacks come from strict competition between commercial and non-commercial businesses. These businesses together hold the personal data of millions and millions of people, all of which has been entrusted to the companies. The journal emphasizes that a lot, if not most, of the attacks come from within the company, from an angered employee. This employee most likely takes advantage of social engineering, using other employees’ trust to gain access to other parts of the company’s systems. This is another great example of how human psychology and social engineering are a huge vulnerability, whether they are being exploited by a pen tester or a real-world hacker.

Going deeper into the human aspect that is exploited by pen testers and ethical hackers, the journal article titled “The Human Factor of Cybercrime” by Benoît Dupont and Thomas Holt explains that as technology spreads across the world among all different cultures and demographics, the misuse of and threats related to technology will continue to rapidly increase. It is highlighted that much of the research around cybercrime shows that it is “vital” to identify behavior and victimization, and to understand the nature of the offender’s behavior. This journal article ties in perfectly with the other two sources on the social factors that pen testers directly exploit: recognizing patterns of human error and behavior that they can expose to gain access to the company’s system.

In conclusion, social engineering, human psychology, identification of behavior, and victimization are all among the biggest vulnerabilities in the world of cyber security and the world of technology in general. It is no surprise that one of the most important jobs in the cyber security world must use all these factors as much as, if not more than, the technical methods used once fully on a system.

Works Cited

Alhamed, Mariam, and M. M. Hafizur Rahman. “A Systematic Literature Review on Penetration Testing in Networks: Future Research Directions.” Applied Sciences, vol. 13, no. 12, 1 Jan. 2023, p. 6986, www.mdpi.com/2076-3417/13/12/6986, https://doi.org/10.3390/app13126986.

Dupont, Benoît, and Thomas Holt. “The Human Factor of Cybercrime.” Social Science Computer Review, vol. 40, no. 4, 29 Apr. 2021, p. 089443932110115, https://doi.org/10.1177/08944393211011584.

Thorkar, Atharva. “Decoding the Human Element: A Crucial Dimension in Ethical Hacking Explored in “Social Engineering….” Medium, 13 Nov. 2023, medium.com/@corruptedbit2002/decoding-the-human-element-a-crucial-dimension-in-ethical-hacking-explored-in-social-engineering-eeae6d91e2fb.