For about a year now, Facebook has had a security bug bounty program, which allows “white hats,” or ethical hackers as you might better know them, to attack their website and show them the vulnerabilities of their network. This has been a somewhat unrewarding program, since the data that a hacker may be able to steal is worth much more than what Facebook was willing to pay out. Now Facebook has started to increase the payout to give users more incentive to report an attack method and to increase their security on both their website and their corporate network.
This seems to make a lot of sense: who better to show you your weak spots than the hackers who do it for a living? This program should be adopted by a lot more companies, since very few companies decide to have a security audit done on a regular basis, which should be done as well. A security audit is usually done by a trained professional to find vulnerable weak spots in both physical and virtual points of entry. There are a few different types of security audits as well.
There is an internal information security audit, which is done by someone who knows the entire network and bases their attacks on that knowledge. There is also an external information security audit, which is done by someone who knows absolutely nothing about the network and tries to gather as much as he can by external means. The third type of information security audit is a mixture of both: an external source that has a limited amount of internal knowledge about the network. Usually you will want to go with the white hat hacker who knows nothing about the internal network and see how much information he can gather without any internal help.
As a closing note, it is not a matter of if you will be attacked these days, it's a matter of when and how prepared you are for the attack. Being proactive is something that many businesses these days are not willing to do since it costs them money up front, but think of how much money you are saving yourself from an attack which could cost you double or triple the amount you spend to prevent it.