Bug Bounty & Crowd-Sourced Cyber Security

The technology sector was the first market to adopt the crowd-sourced security model and continues to be the most important user in the market, followed by the finance and insurance sectors. The Coronavirus pandemic has dramatically accelerated the growth of crowd-sourcing in other sectors and to cope with the crisis, many organisations are reinventing  their operating models by digitising their activities. 

Given the growing importance of cyber security in the economic survival of companies, an increasing number of Chief Information Security Officers (CISOs) are turning to Bug Bounty programs and buying the services offered by ethical hackers

YesWeHack one of Europe's leading bug bounty platform, has announced exponential growth in Europe, with turnover growing by 100% in 2020.  During the same period, the number of completed bug bounty programs increased by 120% and the volume of identified vulnerabilities more than doubled.

In terms of the types of vulnerabilities detected, YesWeHack notes that the evolution of technologies has led to a slight but constant increase in vulnerabilities. 

These result from poor implementation or design flaws and access control that reduce the number of technical vulnerabilities in corporate networks and this trend is expected to increase as the trend towards hardening of the development of networks frameworks continues.

One reason for the popularity of the YesWeHack platform among ethical hackers can be attributed in part to the efficiency of the programs and the speed of payment. During 2020, for example, 55% of vulnerabilities were paid for less than one week after the report was submitted, furthermore. nearly 90% were paid within 28 days. It can be lucrative too - the biggest bonus paid to a YesWeHack hunter in 2020 was €10,000.

The time it takes to resolve vulnerabilities has also dropped significantly.T he average resolution time in 2020 was 44 days compared to 109 days in 2019. In addition, almost 70% of the vulnerabilities detected in 2020 by YesWeHack researchers were fixed within 28 days of acceptance. This increase can be attributed in part to the progressive integration of Bounty Bug within the software development lifecycle.

Ethical Hackers will play a central role in 2021 as many user organisation's understanding of the strategy has improved. An increasing number of them are finding the confidence to put crowd-sourced security into the mix  as a key component of their cyber security strategy.  

The attack surface is also likely to broaden as remote working and longer supply chains increase the number of vulnerable endpoints. Organizations cannot guarantee the security of their growing volume of third-party interactions, such as with logistics, customers, suppliers, service providers, and finance. “These interactions rapidly increase a company's attack surface and complicate the security of their digital footprint. Left unchecked, these new exposures can quickly become the target of future cyber-attacks.” commented Romain Lecoeuvre, CTO of YesWeHack.
 
As digital transformation quickly spreads across private and public sector organisations, it seems likely that ethical hackers will have a vital   role to play, with a significant adoption of the services that  firms like YesWeHack, Bugcrowd, HackerOne and others can offer in terms of speed, expertise and risk reduction. 
 

ZScaler:        Crowd Sourcing Week:       Bugcrowd:          YesWeHack:          HackerOne

You Might Also Read: 

Ethical Hackers Have Earned  $100m:

 

« Amazon Phishing Emails
Webinar: Architect a security-driven networking strategy in the AWS Cloud »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Scale Computing

Scale Computing

Scale Computing is an industry leading application platform for EDGE computing environments covering retail, manufacturing, financial services and government.

Direct Recruiters Inc

Direct Recruiters Inc

Direct Recruiters is a relationship-focused search firm that assists IT Security and Cybersecurity companies with recruiting high-impact talent.

Digital Hands

Digital Hands

Digital Hands is an award-winning managed security services provider.

ngCERT

ngCERT

ngCERT is the National Computer Emergency Response Team for Nigeria.

Swascan

Swascan

Swascan is the first all-in-one, GDPR Compliant, Cloud Security Suite Platform. GDPR Assessment, Web Application Scan, Network Scan, Code Review.

Take Five

Take Five

Take Five is a national campaign offering straight-forward, impartial advice that helps prevent email, phone-based and online fraud – particularly where criminals impersonate trusted organisations.

Earlybird Venture Capital

Earlybird Venture Capital

Earlybird is a venture capital investor focused on European technology innovators.

National Cyber Coordination & Command Centre (NC4) - Malaysia

National Cyber Coordination & Command Centre (NC4) - Malaysia

NC4 is established as a center for dealing with cyber threats and crisis at the national level in Malaysia.

Zigrin Security

Zigrin Security

Zigrin Security offer comprehensive, hands-on security testing of internal networks, applications, cloud-based solutions, e-commerce applications and mobile devices.

Vertex Cyber Security

Vertex Cyber Security

Vertex provide Cyber Security Services to small to large businesses including Advise, Consulting, Adding Security Partnership, Penetration Testing, ISO 27001-2 and Audits.

Resillion

Resillion

Resillion (formerly Eurofins Digital Testing) is a global leader in quality engineering and cyber security services with operations in Europe, US, UK, India and China.

DynTek

DynTek

DynTek delivers exceptional, cost-effective professional IT consulting services, end-to-end IT solutions and managed IT services.

The Hacking Games

The Hacking Games

The Hacking Games' Mission is to inspire, educate and mobilise a generation of ethical hackers to make the world a safer place.

WeVerify

WeVerify

WeVerify is a platform for collaborative, decentralised content verification, tracking, and debunking.

Genix Cyber

Genix Cyber

Genix Cyber provides world-class cybersecurity services that protect systems, cloud applications, infrastructure, critical data, and networks from evolving cyber threats.

Advania UK

Advania UK

Advania are one of Microsoft’s leading partners in the UK, specialising in Azure, Security, Dynamics 365 and Microsoft 365.