IBM has quietly started a hacking-for-hire business service for its top customers, as part of its push to provide a total solution that includes security testing.
The effort, which follows on the heels of similar efforts by banks to prevent physical break-ins, is aimed at making sure companies can block any intruders looking for corporate secrets or other data.
"We call this ethical hacking," says John Patrick, VP of Internet Technology at IBM. "We will break into their company for a fee, and for a subscription fee we will [further] try twice a month to break in."
The program was borne out of concern from IBM’s customers that they were prone to intrusion through either e-mail or e-commerce. But Patrick says the biggest threat to companies still remains policy, not technology.
"It’s a matter of what is management doing to ensure they have the best security," he says. "What is their policy regarding passwords? There is technology available to stop hacking, but what is their management policy and what is their audit policy."
He says the most common method of entrance is when employees hold open doors, out of courtesy.