According to research issued last Tuesday by a renowned bug bounty company, ethical hackers helped prevent more than US$27 billion in crime over the previous year.
Bugcrowd stated in its yearly Inside the Mind of a Hacker report that ethical hackers using its platform were able to avert criminal losses to firms by disclosing weaknesses that would otherwise have gone undiscovered.
The analysis is based on a poll of platform users and security research done from May 2020 to August 2021, together with millions of proprietary pieces of information on threats collected from almost 3,000 security applications.
Hacking is demonized by the imagery of crooks clad in hoods, but in reality, ethical hackers are held in high esteem and are creative professionals.
According to the survey, nearly three out of every four ethical hackers (74 percent) felt that flaws had worsened since the beginning of the Covid-19 outbreak.
“Several vulnerabilities and weaknesses were exposed as a result of the quick transformation that practically everyone underwent as a result of the pandemic,” said John Bambenek, a principal threat hunter at Netenrich, a San Jose, California-based IT and digital security operations firm.
Change in the Risk Landscape
There is little doubt that the vulnerability environment has evolved since the pandemic began, according to Jake Williams, co-founder and CTO of Breach Quest, a Dallas-based incident response firm.
Security is the confluence of integrity, availability, and confidentiality. Because the change to remote work occurred so swiftly, security concerns were neglected in favor of availability.
The pandemic has also boosted the need for additional employees at cybersecurity firms. Certified Ethical Hacking is the most significant qualification available to cyber-newbies, according to Abhijit Ghosh, CTO and co-founder of Confluera, a Palo Alto, Calif.-based maker of cyberthreat monitoring software.
Through hackathons, ethical hackers demonstrate their capabilities in simulated real-life scenarios where they have to counter an actual cyber threat or attack.
Essential Ongoing Monitoring
According to the Bugcrowd analysis, over nine out of ten ethical hackers questioned (91 percent) admitted that point-in-time testing, which is what they perform, cannot safeguard a company year-round. “Quick, very modest encounters combined with the capacity to gradually measure talents over time will certainly tilt the axis for organizations.”
Bug tracking has its place in cybersecurity but still focuses on post-deployment and is reactive, according to Archie Agarwal, founder and CEO of Threat Modeler, an automated security modeling service based in Jersey City, New Jersey.
Security experts held in high regard should take it upon themselves to identify loopholes well in advance of an attack.
Hacker Way of Life
The study also includes data on the lifestyle, competence, and motives of ethical hackers on the Bugcrowd platform, as well as many “up close” profiles of various hackers. “I’m constantly fascinated by the resourcefulness as well as the entrepreneurial spirit of people attracted to ethical hacking,” said Casey Ellis, founder and CEO of Bugcrowd. “A recent poll conducted found that 79 percent of hacktivists leveraged the internet to acquire knowledge and skills.”
According to Craig Young, a chief security researcher at Tripwire, a cybersecurity vulnerability detection and prevention business based in Portland, Oregon, bug bounty programs are used as a form of crowdsourced security testing.
Regardless of maturity, no team can capture 100 percent of the gaps; nevertheless, compensation efforts greatly reduce the instances of undetected vulnerabilities.
Advantage of ‘Several Analyses’
“Multiple eyes, particularly with the proper expertise and training, is one of the finest things that can be done to detect and eliminate bugs,” noted Roger Grimes, a defenses enthusiast at KnowBe4, a firm in Clearwater, Florida, known for security awareness training. Irrespective of how excellent your internal bug-detection team is, an external one will always uncover bugs your inside team overlooked. Bug bounty exercises enable external persons, in conjunction with in-house teams, to find vulnerabilities in a timely manner.
Despite the advantages that ethical hackers may bring to a company, there are still patches of mistrust. Numerous sectors are terrified of bug bounties as well as ethical hackers because they don’t grasp the benefits they bring to the table.
They assume that granting hackers access to their programs will only invite malicious activity, because the hackers may create back doors or plant malicious code, but in essence, the role of ethical hackers is to find loopholes. Nonetheless, he stated that things had gotten better with time. “Most organizations would not have allowed bug bounty programs a decade ago,” he says. A multitude of bug bounty activities are already in place, and individuals are invited to take part and uncover vulnerabilities before malicious hackers do, in exchange for monetary compensation.