
Crackers vs. Pen Testers: What You Need to Know

Posted by Security Steve on Feb 11, 2016



Hackers are part of the terrain that businesses today find themselves operating on. The term “hacker” has multiple meanings. Some, such as Richard M. Stallman, the creator of GNU, define the word quite broadly to signify someone who, with playful cleverness, explores the limits of what is possible for a given system. That does not necessarily entail criminal activity. Individuals who create modifications for a favorite game or a cherished device might refer to themselves as hackers and their inventions as hacks. In contrast, the term “cracking” is often used to refer specifically to what is commonly thought of as hacking: breaking into computer systems. So while a hacker may or may not be compromising digital networks, a cracker is.

Hackers—to return to the everyday sense of the term, someone who breaks into computer systems—have varied motivations. They can be politically motivated, or they may simply be out to steal for financial gain. Many hackers are vigilantes who operate outside of the law. Before discussing the threat these foes present, it is important to distinguish who the good guys are: pen testers.

Pen Testers

A pen test—short for penetration test—is an authorized attempt to break into a secure network. Hackers who conduct penetration tests are referred to as pen testers. They are often consultants hired by a business or other organization for the express purpose of seeking out vulnerabilities and then, rather than damaging or stealing anything, documenting the problems so that they can be fixed. Regular penetration tests are required by some compliance frameworks, such as the PCI DSS.


There are several considerations organizations need to think over before hiring a pen tester. Chief among them is reputation: a pen tester must be trustworthy. It helps to look for individuals who publish vulnerabilities responsibly and participate in information security conferences. After all, organizations are trusting pen testers with their security. Finally, good communication skills are a must, because the point of the pen test is for the pen tester to communicate the security flaws to the organization. In other words, these hackers actually improve security.

Critical Threats and Recent Hacks

A survey of the latest data breaches reminds us of the risk that criminal hackers pose. 2016 has barely begun and already some new hacks have been detailed. The Hyatt hotel chain explained that several of its hotels last year were hit by malware that stole guest credit card information. The cryptocurrency exchange Cryptsy announced this January that it had been hacked for $5.7 million by an IRC Trojan. A group calling themselves CWA ("Crackas With Attitude") has claimed responsibility for the hacks of several government employees, including National Geospatial-Intelligence Agency executive Vonna Weir Heaton, President Obama's senior adviser on science and technology John Holdren, and Director of National Intelligence James Clapper. Ordinary individuals may also become collateral damage in political hacks such as these—or in the recently declared war on ISIS/Daesh by Anonymous.


These hacks show that no one—not even top intelligence community officials—is free from risk. To secure themselves against the critical threats posed by criminal hackers, businesses can engage verified pen testers, but can also turn to managed security services that provide network security monitoring. A service such as EiQ's SOCVue can add to the efforts of in-house security teams by supplying round-the-clock security monitoring of company networks.


More and more, organizations who were previously understaffed, underbudgeted, and overwhelmed are finding that EiQ’s hybrid SaaS security services that combine the best people, process, and technology are a welcome change from going it alone. EiQ is transforming how mid-market organizations build enterprise-class security programs. Acting as an extension of our customers’ IT teams, EiQ’s SOCVue provides continuous security operations based on best-of-breed technology at a fraction of the cost of alternative solutions. EiQ is a trusted advisor to organizations that need to improve their IT security and compliance posture by protecting their infrastructure against cyber threats and vulnerabilities. To learn more, please request a demo today!




Photo: welcomia/Shutterstock


Tags: Network Security, Cybercrime, Cyber Attack, Data Breach, Cybersecurity, Hacking, Pen Test
