Ethical Hacking Sessions through Northumbria Cyber Clinic and North East Business Resilience Centre
Hacking doesn’t have to be a covert operation. In this case study, find out how Northumbria University’s Cyber Clinic has helped students show employers why ethical hacking skills are a great asset.
In recent years, there has been an increase in the number of online services that are available to users of smart devices. Even though this has made life easy for end-users, these systems and devices are increasingly becoming a target for malicious attackers. It’s therefore essential for organizations to protect their physical and digital assets. As a result, the demand for information security professionals and penetration testers is increasing year by year. Northumbria University is very much focused on producing highly skilled, in-demand graduates. Apart from what students learn in the classrooms through their modules, they also have opportunities to learn offensive and defensive security skills. Cyber Clinic is a project which was founded as a result of such an objective.
Background
Ethical hacking is a field where “White Hat Hackers” try to identify vulnerabilities in systems and issue patches so that malicious attackers will not be able to gain advantage of them. However, if the security professional doesn’t understand what the threats to the system are or how the system can be hacked, they won’t be able to protect the systems properly. It’s important for them to possess skills of hacking and learn about the methods hackers use to infiltrate systems, so they can resolve issues before they become dangerous. A study by IBM showed that 77% of respondents have not done a complete penetration testing for their assets and have no cybersecurity incident response plan applied consistently across their organisations. This shows how essential penetration testing and incident handling are for organizations to contain a cyber-incident effectively and help them to reduce the consequences of a breach. Organisations are under constant attack and are therefore turning towards security professionals to help them with a more systematic approach to business continuity in the face of a cyber-incident.
Overview
This worldwide demand for penetration testers and information security professionals means that our graduates could be employed even before graduation. However, with more and more universities and institutions offering similar computer network and security programmes, Northumbria University’s graduates need to be distinguishable from other graduates. Through in-depth hands on training to undergraduates, they can achieve practical exposure and be able to obtain industrial recognised certifications without any issues. With such a goal in our mind the Computer and Information Sciences department formed Cyber Clinic at Northumbria University, funded by the IoC (Institute of Coding). Through Cyber Clinic we provide hands on training on the advanced hacking tools and techniques used by malicious attackers and information security experts alike to gain access into an organisational asset.
Challenge
Many organisations are looking for students with more practical experience and for them to be experts in penetration testing even before graduation. These expectations are a result of ethical hacking viewed as a field in which students can learn and practice with advanced hacking tools on their own with minimal technical expertise. However, without proper guidance students can be unaware of how to formalize a penetration testing plan and how to identify what tools are potentially useful in the real world. Northumbria University’s Cyber Clinic is a place where students are introduced to such concepts and given hands on training on ethical hacking tools.
Solution
Our training sessions, that are exclusively for Northumbria students, have equipped our cyber security students with the latest skills and knowledge required to handle and respond to security incidents. The training programme we have conducted for the past two semesters has been a big success with many students joining Cyber Clinic to learn about ethical hacking. The training course is a comprehensive programme which enables our students to deal with any unforeseen cyber-attacks through a planned approach.
This ethical hacking course designed for Cyber Clinic students is run on the template of putting students in the driver’s seat of a hands-on environment with a systematic process. During the course the students are exposed to ways of retrieving information regarding the assets, understanding the security posture of the organisation and learning how to gain access using hacking tools. Students scan assets, test for vulnerabilities, gain access and also learn how to secure the systems from similar attacks. The students are taught the five phases of ethical hacking, ways to approach the target and succeed at breaking into the target. The five phases that students get trained on are reconnaissance, gaining access, enumeration, maintaining access, and covering their tracks.
Results
As a result of successfully running the Cyber Clinic programme for two semesters, we were able to take part in several projects. Selected Cyber Clinic students worked on a penetration testing task that was allocated by the University’s network security team. Students were involved in security assessments of the server infrastructure, monitoring intrusion detection reports, security assessments of IoT devices, foot printing university networking resources and security assessments of wireless devices. They were also given the opportunity to represent Northumbria University at Dynamo 2019 which was held at the University of Sunderland. The students and staff made a presentation on the importance of penetration testing and ethical hacking for IT tech sectors through various live demonstrations.
Our most celebrated success story is our collaboration with North East Business Resilience Centre (NEBRC). NEBRC is a non-profit organisation which exists to aid businesses in the north-east of England deal with cybercrimes. NEBRC offers various services such as online footprint assessment, cyber continuity exercises and network incident handling. As part of our collaboration with NEBRC, nine of Northumbria students were given the opportunity to work for the organization as cyber security consultants on a part time basis. A student who was hired by NEBRC said of the programme:
“I’m really pleased to be accepted. I think it’s a great platform to get my foot in the door and get experience, all while helping local businesses. I hope it will lead to more positions in the company and will for sure help me grow”.
The main objective of the Cyber Clinic is to make students industry ready. It is intended that the Cyber Clinic training programme will become a starting point for students to earn a well-paying and satisfying cyber security career. It is also hoped that our programme will get our students on the fast track to certification, and ultimately, be excellent candidates for future employers.
If you’re interested in working in cyber and information security, visit our course catalogue today to find out how you can start your digital skills journey, or visit the Northumbria University Cyber Clinic website.