Career Paper

Exploring the Correlation Between Penetration Testing and Social Sciences

Kirk J. Turner

Department of Cybersecurity, Old Dominion University

CYSE 201S: Cybersecurity and Social Sciences

Professor Diwakar Yalpi

November 24, 2024

Role of a Penetration Tester

Cybersecurity is considered to be a broad occupational field, as there are many areas of specialization one can focus on when searching for a career. However, cybersecurity generally involves the protection and monitoring of systems, networks, and confidential data from cyber criminals and digital threats. With that being said, it’s vital for any business that operates in the online realm to ensure that their computer systems are secured and not at risk for any unforeseen attacks. 

An effective way for companies to mitigate cyber threats is to incorporate a penetration tester into their cybersecurity department. A penetration tester’s duties include planning and performing simulated cyberattacks against their company’s computer networks. The purpose of these simulated threats is to find vulnerabilities and strengthen the security systems within a company’s networks. As such, penetration testers are required to hold an expansive knowledge of the various forms of threats and methods utilized by cyber criminals (Akhilesh et al., 2022). Penetration testers play a large role in modern society as its mechanisms become increasingly digitized; therefore, this career also requires an understanding of the social aspects related to cybersecurity.

Human Factor and Penetration Testing

Penetration testers assist companies by providing feedback on how they can improve their cybersecurity defenses. Penetration testers must first assess an organization’s cyber infrastructure in order to pinpoint weaknesses in its security systems. However, this aspect of penetration testing does not relate only to cracks in hardware and software; in fact, vulnerabilities will often become apparent through human error. Unintended errors play a large part in the human factor of cybersecurity.

Cybercriminals search for any vulnerabilities within a business’s systems, whether those are technical faults or human errors. Furthermore, human errors can be considered harder to mitigate than system glitches because people often behave unpredictably. Penetration testers are aware of risky human behavior as well, so it is their responsibility to test and exploit any negative human factors. They might test employee behavior by sending phishing emails; employees who fail these kinds of tests would be reported, and penetration testers might encourage frequent, thorough training exercises in their feedback to the company. These types of tests can show how some individuals are more trusting of unidentified information than others, which has to do with the psychological aspect and thought processes behind human behavior.

It’s important for ethical hackers to test these concepts related to human action because cybercriminals are more likely to target individuals who are more trusting of scam messages or fake data, or less likely to distinguish them. Therefore, one reason organizations hire penetration testers is to exploit these human errors before a cybercriminal is able to.

Ethical Considerations

According to research from Tang (2014), it’s best for penetration testers to conduct their operations through a cyber criminal lens. This refers to testing security defenses using the methods that a threat actor would use, which requires ethical hackers to think and act like cyber criminals. However, testers must prioritize ethical neutrality in their work so that no harm or damage falls upon a business and its employees or assets.

Additionally, testers can follow ethical guidelines by remaining objective while carrying out their daily work routines. This involves keeping personal opinions or feelings out of workplace operations. Furthermore, penetration testers must emphasize user and data privacy when conducting testing processes. They must refrain from sharing any personal details regarding confidential user and system information.

Impact on Society and Marginalized Groups

Ethical hacking is a widely used method of testing an organization’s level of security, and it has proved to be extremely beneficial to society as a whole. First, it improves cybersecurity within businesses that operate in the digital realm by identifying any weaknesses found in their cyber infrastructure. Strengthening cybersecurity assists companies in avoiding cyber victimization by threat actors, and it promotes healthy cyber hygiene amongst individuals within businesses. Second, penetration testing provides new ways to prevent cyber attacks by allowing companies to more accurately predict what to expect from cyber criminals. Thus, negative impacts resulting from cybercrime, e.g., financial loss and data breaches, can be reduced for individuals and organizations. Finally, penetration testing helps law enforcement to discover behaviors related to cyber criminals because penetration testers and threat actors work in a closely related manner when finding network vulnerabilities (Meyers et al., 2022). Because ethical hackers have to think similarly to cyber criminals, law enforcement officials can take note of behaviors and thought processes performed by penetration testers and put that information towards building various criminal profiles of malicious online users.

Ensuring effective cybersecurity systems are in place within companies also aids marginalized groups because many of these individuals rely on organizations to help their communities on a day-to-day basis. Therefore, penetration tests are able to aid and protect many of the businesses that assist and provide tools for marginalized individuals and communities. For example, non-profit organizations are set up to aid the societies that they serve, and many marginalized groups rely heavily on these institutions for financial aid and other tools or opportunities. So, by ensuring a strong cyber infrastructure is in place for these organizations, penetration testing directly impacts marginalized groups in a positive manner. 

Conclusion

To conclude, organizations need employees to fill roles within their cybersecurity departments now more than ever as technology has been advancing at a rapid pace. If businesses want to ensure their online defenses are optimized and free of vulnerabilities, then it’s important for them to incorporate regular penetration tests of their computer systems. Not only do ethical hackers benefit the companies they work for, but they also provide aid to society as a result of their in-depth understanding of network components and cybercrime.

References:

Akhilesh, R., Bills, O., Chilamkurti, N., & Chowdhury, M. J. M. (2022). Automated Penetration Testing Framework for Smart-Home-Based IoT Devices. Future Internet, 14(5), N.PAG. https://doi.org/10.3390/fi14100276 

Meyers, B. S., Almassari, S. F., Keller, B. N., & Meneely, A. (2022). Examining penetration tester behavior in the collegiate penetration testing competition. ACM Transactions on Software Engineering and Methodology, 31(3), 1–25. https://doi.org/10.1145/3514040 

Tang, A. (2014). A guide to penetration testing. Network Security, 2014(8), 8–11. https://doi.org/10.1016/S1353-4858(14)70079-0