‘Why young people start and continue ethical hacking’ by Judith Noordegraaf.

We are pleased to announce that NFIR’s own Judith Noordegraaf, in collaboration with Marleen Weulen Kranenbarg, has conducted groundbreaking research on the world of young ethical hackers. Her research sheds light on what drives young people to choose a career in ethical hacking and what continued to motivate them to continue doing so.

The findings of this study reflect our own experience and beliefs at NFIR. Ethical hacking is not just a career, but a moral calling to expose and fix vulnerabilities in the digital world. We are proud that our employees pursue such important research and initiatives.

Automatic concepts

"The young ethical hackers took a cybersecurity perspective: They felt the need to protect people and systems. According to them, it's just common sense to report a vulnerability when you find one. After all, in the physical world, they would also alert when a front door is open."

This research highlights the personal and social aspects involved in young people’s decision to begin and continue ethical hacking. These ethical hackers have a crucial role in protecting our online environment and closing digital doors that would otherwise remain open. We fully support the findings of the study and are committed to a more secure digital future with the help of young ethical hackers.

For the full study: https://onlinelibrary.wiley.com/doi/10.1111/1745-9133.12650

Concise summary of research.:

Article: ‘Why young people start and continue with ethical hacking’

By Judith Noordegraaf and Marleen Weulen Kranenbarg

Inthe era of explosive growth in the field of ICT, where digital security is of paramount importance, ethical hacking is emerging as an essential and dynamic field. Ethical hackers, often referred to as “white-hat hackers,” play a crucial role in identifying and fixing vulnerabilities in computer systems, networks and software applications. This research delves into the intriguing world of young ethical hackers and aims to understand why they choose this unique path.

Introduction

Ethical hacking, the practice of identifying and addressing security vulnerabilities within digital systems, is a constantly evolving field. It is a world where individuals use their technical prowess and insatiable curiosity to protect the digital domain. But just what drives young people to embark on this journey? What motivates them to walk the thin tightrope between a digital vigilante And a cyber criminal? These questions and more are answered in the study.

Research summary

This qualitative study examined through interviews the individual and social aspects in the lives of 15 hackers who began ethical hacking at an early age, before age 18. The study examines what motivated and prompted them to begin ethical hacking and how and why they went through with it. The results show that individual aspects, such as an early interest in ICT (Information and Communication Technology), motivation to make systems more secure and viewing reporting vulnerabilities as a moral duty, contribute to the onset of ethical hacking. Social aspects, such as role models, mainly play a role in the further development of ethical hackers’ careers. For example, peers, parents, friends and hacker communities have a motivating and stimulating effect on young ethical hackers. Similarly, positive reactions from public and private system owners to reporting the vulnerabilities can further encourage the development and self-image of ethical hackers.

Policy implications

Unlike criminal hackers, ethical hackers improve cybersecurity, such as by reporting weaknesses or flaws in computer systems. Today, more and more public and private organizations around the world are creating cybersecurity policies around ethical hacking. Interest in hacking usually arises at a young age, making it important to gain knowledge about what encourages and motivates young people to start and continue ethical hacking in order to shape these policies more fully. The results show that recognition and responses from system owners are important in the career of ethical hackers. The study’s recommendations may encourage more young people interested in hacking to take the ethical route. This increases the security of public and private organizations, reducing opportunities for criminal hackers.

SECURITY INCIDENT AT YOUR ORGANIZATION?

The next 30 minutes are crucial!

The first 30 minutes after a cyber security incident are crucial because a quick and adequate response can limit the damage. In addition, further spread of the attack can be prevented and essential evidence can be secured for further investigation.

Our Computer Emergency Response Team (CERT) is available 24/7 to support businesses and organizations during IT security incidents.

SECURITY INCIDENT AT YOUR ORGANIZATION?

The next 30 minutes are crucial!

The first 30 minutes after a cyber security incident are crucial because a quick and adequate response can limit the damage. In addition, further spread of the attack can be prevented and essential evidence can be secured for further investigation.

Our Computer Emergency Response Team (CERT) is available 24/7 to support businesses and organizations during IT security incidents.

Voer hier de inhoud in. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Pen tests

Penetration test?

Pen tests

Penetration test?

Pen tests

Penetration test?

Wat is MDR?

Managed Detection and Response (MDR) is een gespecialiseerde cybersecuritydienst die organisaties proactief beschermt tegen cyberdreigingen door een combinatie van geavanceerde technologie en menselijke expertise. Deze dienst biedt 24/7 monitoring, diepgaande analyse en proactieve dreigingsopsporing, met als doel het snel detecteren, onderzoeken en actief reageren op incidenten om de impact te minimaliseren en datalekken of ransomware-aanvallen te voorkomen, vanuit de aanname dat inbreuken onvermijdelijk zijn.

Wat is Security Monitoring

Security Monitoring is een essentieel onderdeel van Managed Detection and Response (MDR) en omvat de continue, 24/7 bewaking van de IT-omgeving van een organisatie, inclusief netwerken, systemen, applicaties, endpoints en cloudomgevingen. Het maakt gebruik van geavanceerde technologieën zoals AI en machine learning om loggegevens te filteren en te analyseren, verdachte activiteiten te detecteren en afwijkingen te identificeren.

Deze geautomatiseerde detecties worden vervolgens gevalideerd en geprioriteerd door menselijke beveiligingsspecialisten, die context en expertise toevoegen om vals-positieven te verminderen en echte dreigingen te onderscheiden. Het doel is om real-time inzicht te bieden in de beveiligingsstatus, kwetsbaarheden te identificeren en een snelle respons op incidenten mogelijk te maken, wat cruciaal is voor naleving van regelgeving zoals NIS2 en DORA.

Pentesten

Penetratietest laten uitvoeren?

 

Pentesten

Penetratietest laten uitvoeren?

 

Pen tests

Penetration test?

Pen tests

Penetration test?

Pen tests

Penetration test?

Pentesten

Penetratietest laten uitvoeren?

 

What is MDR?

Managed Detection and Response (MDR) is a specialized cybersecurity service that proactively protects organizations from cyber threats through a combination of advanced technology and human expertise. This service provides 24/7 monitoring, in-depth analysis and proactive threat detection, with the goal of quickly detecting, investigating and actively responding to incidents to minimize impact and prevent data breaches or ransomware attacks, based on the assumption that breaches are inevitable.

What is Security Monitoring

Security Monitoring is an essential component of Managed Detection and Response (MDR) and involves the continuous, 24/7 monitoring of an organization's IT environment, including networks, systems, applications, endpoints and cloud environments. It uses advanced technologies such as AI and machine learning to filter and analyze log data, detect suspicious activity and identify anomalies.

These automated detections are then validated and prioritized by human security specialists, who add context and expertise to reduce false positives and distinguish true threats. The goal is to provide real-time visibility into security status, identify vulnerabilities and enable rapid incident response, which is critical for regulatory compliance such as NIS2 and DORA.

Secure/evidence seizure - Secure phones, laptops & devices

NFIR offers support in the execution of digital evidence seizures. Depending on the situation, we can assist you directly with this based on our license as a Private Investigation Agency, granted by the Ministry of Justice and Security, or in cooperation with a bailiff.

We ensure that a snapshot is taken of relevant assets so that they can be examined at a later date if necessary. A non-exhaustive list of devices where we provide support includes:

  • Phones
  • Laptops
  • Tablets
  • NAS systems
  • Cameras
  • Cloud storage (Google Drive, Dropbox, Microsoft 365, OneDrive, SharePoint, etc.)
  • And many more, as long as it contains a 0 or a 1

In addition to securing and preserving potential evidence, NFIR also provides support in analyzing it. We can investigate both technical and tactical issues.

Examples:

  • Technical issue: "Was the device hacked at the time of the situation?"
  • Tactical issue: "Is there evidence to suggest possible forgery of these documents?"

Are you in need of these or any of our other services? If so, please contact us here. We will make sure you get a concrete answer to your questions as soon as possible.

What is surety or evidence seizure?

Evidence seizures and sureties are legal measures used to secure evidence or property in legal proceedings.

Evidence seizure is a procedure in which a party, often with court approval, seizes documents, digital data or other evidence. This is done to prevent such information from being lost, destroyed or otherwise inaccessible. Evidence seizures are often used in civil cases, such as intellectual property disputes or fraud investigations.

Securing has a broader application and can refer to securing goods, property or financial resources to protect rights or to fulfill a legal obligation. This can include criminal, civil or administrative law contexts. Consider seizing assets in bankruptcies or blocking bank accounts in cases of suspected money laundering.

Both measures aim to prevent important documents or resources from disappearing before a judge can rule on a case.

Pentest consultation

Pentesten

Penetratietest laten uitvoeren?

 

Pentesten

Penetratietest laten uitvoeren?

 

Pentesten

Penetratietest laten uitvoeren?

 

Pentesten

Penetratietest laten uitvoeren?

 

Pen tests

Penetration test?

Voer hier de inhoud in. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Voer hier de inhoud in. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Has my company been hacked (Compromise assessment)?

A complete check-up of your digital environment!

The crown jewels of many companies today are digital. That no third parties are secretly accessing that important database? Or have been watching that one server for ages? NFIR helps with a compromise assessment!

During a compromise assessment, NFIR's experts take a close look at all or part of your network, depending on your requirements. We will thoroughly investigate whether there is or has been intrusion by unauthorized parties on your systems. We do this using Threat Intelligence reports and already known Indicators of Compromise; indicators that indicate that something may be amiss.

This is different from a pen test, which can be used preventively to look for security vulnerabilities. In a compromise assessment, NFIR looks for actual misuse of these potential leaks.

If you have doubts about the integrity of your network, perhaps because of a previous incident or hard to pinpoint alerts from your monitoring systems, NFIR is here for you!

Pentest consult

zekerstellen/bewijsbeslag - Veiligstellen telefoons, laptops & apparaten

NFIR biedt ondersteuning bij het uitvoeren van digitaal bewijsbeslag. Afhankelijk van de situatie kunnen wij u hier direct bij assisteren op basis van onze vergunning als Particulier Onderzoeksbureau, verleend door het Ministerie van Justitie en Veiligheid, of in samenwerking met een deurwaarder.

Wij zorgen ervoor dat een momentopname wordt gemaakt van relevante goederen, zodat deze indien nodig op een later moment onderzocht kunnen worden. Een niet-uitputtende lijst van apparaten waarbij wij ondersteuning bieden, omvat:

  • Telefoons
  • Laptops
  • Tablets
  • NAS-systemen
  • Camera’s
  • Cloudopslag (Google Drive, Dropbox, Microsoft 365, OneDrive, SharePoint, etc.)
  • En nog veel meer, zolang het maar een 0 of een 1 bevat

Naast het veiligstellen en bewaren van mogelijk bewijsmateriaal, biedt NFIR ook ondersteuning bij het analyseren ervan. Wij kunnen zowel technische als tactische vraagstukken onderzoeken.

Voorbeelden:

  • Technisch vraagstuk: “Was het apparaat gehackt ten tijde van de situatie?”
  • Tactisch vraagstuk: “Is er bewijs dat wijst op mogelijke vervalsing van deze documenten?”

Heeft u behoefte aan deze of een van onze andere diensten? Neem dan hier contact met ons op. Wij zorgen ervoor dat u zo snel mogelijk een concreet antwoord krijgt op uw vragen.

Wat is zekerstellen of bewijsbeslag?

Bewijsbeslag en zekerstellen zijn juridische maatregelen die worden gebruikt om bewijs of eigendommen veilig te stellen in juridische procedures.

Bewijsbeslag is een procedure waarbij een partij, vaak met toestemming van de rechter, beslag legt op documenten, digitale gegevens of andere bewijsmiddelen. Dit wordt gedaan om te voorkomen dat deze informatie verloren gaat, vernietigd wordt of anderszins onbereikbaar wordt. Bewijsbeslag wordt vaak ingezet in civiele zaken, bijvoorbeeld bij geschillen over intellectueel eigendom of fraudeonderzoeken.

Zekerstellen heeft een bredere toepassing en kan slaan op het veiligstellen van goederen, eigendommen of financiële middelen ter bescherming van rechten of ter uitvoering van een juridische verplichting. Dit kan onder andere gebeuren in strafrechtelijke, civielrechtelijke of bestuursrechtelijke contexten. Denk aan het in beslag nemen van activa bij faillissementen of het blokkeren van bankrekeningen bij vermoedens van witwassen.

Beide maatregelen hebben als doel te voorkomen dat belangrijke stukken of middelen verdwijnen voordat een rechter zich over een zaak kan uitspreken.

Is mijn bedrijf gehackt? (Compromise assessment)

Een volledige check-up van uw digitale omgeving!

De kroonjuwelen van veel bedrijven zijn tegenwoordig digitaal. Dat er geen derde partijen stiekem toegang hebben tot die belangrijke database? Of al tijden mee zitten te kijken op die ene server? NFIR helpt met een compromise assessment!

Tijdens een compromise assessment nemen de experts van NFIR uw netwerk geheel of gedeeltelijk, afhankelijk van uw wens, onder de loep nemen. We gaan goed onderzoeken of er op uw systemen sprake is of is geweest van intrusie door ongeautoriseerde partijen. Dit doen wij aan de hand van Threat Intelligence rapporten en reeds bekende Indicators of Compromise; indicatoren die erop wijzen dat er mogelijk iets niet in de haak is.

Dit is anders dan een pentest, welke preventief kan worden ingezet om te zoeken naar beveiligingslekken. Bij een compromise assessment gaat NFIR op zoek naar daadwerkelijk misbruik van deze mogelijke lekken.

Als u twijfelt aan de integriteit van uw netwerk, misschien vanwege een eerder incident of vanwege moeilijk te duiden waarschuwingen van uw monitoring systemen, staat NFIR voor u klaar!

SECURITY INCIDENT AT YOUR ORGANIZATION?

The next 30 minutes are crucial!

The first 30 minutes after a cyber security incident are crucial because a quick and adequate response can limit the damage. In addition, further spread of the attack can be prevented and essential evidence can be secured for further investigation.

Our Computer Emergency Response Team (CERT) is available 24/7 to support businesses and organizations during IT security incidents.