CyAN is immensely proud to announce its support for ‘BLACK IS ETHICAL,’ the brainchild of one of our board members, Inssata Ricourt. ‘BLACK IS ETHICAL’ is an initiative that unites experts in ethical hacking, some of whom are from the African diaspora or have connections to Africa. They generously share their knowledge and experiences with local, regional, and international stakeholders.
The digital world has become a battleground where malicious actors seek to exploit the vulnerabilities of systems and users. In 2022, the number and variety of cyber-attacks increased, affecting all sectors of activity and all categories of the population.
According to ANSSI, the French national agency for information systems security, the cyber threat level remained high in 2022 despite the Russian-Ukrainian conflict and its repercussions in cyberspace. The main trends observed are as follows:
- An increase in ransomware attacks, which aim to encrypt victims’ data and demand a ransom to recover it, often accompanied by a threat of public disclosure of the data if payment is not made.
- An upsurge in online scams that exploit the credulity or fear of Internet users to extract money or personal information, for example, by posing as official bodies or using phishing techniques.
- The persistence of espionage and sabotage campaigns aimed at breaking into the computer networks of sensitive or strategic organisations, such as public authorities, businesses, or critical infrastructures, in order to steal confidential information or cause malfunctions.
The following figures illustrate the seriousness of the situation:
- In 2022, more than 5 billion pieces of personal data were compromised worldwide, marking a 25% increase compared to 2021.
- In 2022, the average cost of a ransomware attack reached $200,000, reflecting an 18% increase compared to 2021.
- In 2022, the number of attacks against critical infrastructures surged by 300% compared to 2021.
The Market for Computer Vulnerabilities
We are also witnessing strong growth in the market for computer vulnerabilities.
A zero-day vulnerability is an anomaly or weakness in software, an operating system, or a security measure that can be exploited by one or more threats and has not yet been detected or corrected by software publishers or developers. It represents a potential entry point for hackers who can exploit it to infiltrate, damage, or steal data or resources.
Zero-day vulnerabilities are exceptionally rare and valuable because they offer a strategic advantage to those who possess them.
There is, therefore, an entire legal and illegal market for the sale, purchase, or exchange of these vulnerabilities, involving various players such as security researchers, specialist companies, government, military, or intelligence agencies, and cybercriminal groups.
The price of a zero-day vulnerability can vary based on its complexity, rarity, impact, and lifespan, but in some cases, it can reach millions of dollars.
Why Businesses and Public Authorities Need to Take Action
Faced with this situation, and in an increasingly digital and connected world, it is imperative that businesses and public authorities protect themselves, their data, and their information systems because risk management is undeniably fundamental to the development of the economy and society.
In today’s digital revolution, data protection is as much a question of sovereignty for governments as it is a matter of competitiveness for businesses.
Structuring a high-performance cybersecurity and artificial intelligence ecosystem is therefore a necessity for governments, particularly in Africa.
The Challenges of Ethical Hacking
Ethical hacking, therefore, appears to be an effective way of testing and improving the security of digital systems by adopting the viewpoint and methods of computer hackers while respecting the law and ethics.
Ethical hacking matters for several reasons:
- It strengthens IT security by detecting and correcting vulnerabilities before they can be exploited by cybercriminals.
- It contributes to the confidence of users and customers in digital services by guaranteeing the protection of their personal and confidential data.
- It fosters innovation and competitiveness in businesses, enabling them to comply with current standards and regulations and differentiate themselves through the quality of their cybersecurity.
Enter “Black is Ethical”
It is against this backdrop that the “Black is Ethical” initiative was launched, particularly to support businesses and administrations on the African continent in the fight against cybercrime (fraud) and to assist them with their digital transformation.
“Black is Ethical” is an initiative that brings together experts in ethical hacking, some from the African diaspora or with links to Africa, who share their know-how and experience with local, regional, and international players.
Black is Ethical is distinguished by its recognised expertise, the relevance and reliability of its vulnerability research, and its independence.
Black is Ethical is supported by the Cybersecurity Advisors Network (CyAN) and is a member of the Good Faith Cybersecurity Researchers Coalition (GFCRC).
Black is Ethical helps raise awareness of cybersecurity issues at various international events such as conferences and forums.
It plays an active role in standardising the ethical hacker profession through its participation in working groups.
It also supports the creation of a network of ethical hackers and invites all hackers to join its platform.