Bug Bounty & Crowd-Sourced Cyber Security

The technology sector was the first market to adopt the crowd-sourced security model and continues to be the most important user in the market, followed by the finance and insurance sectors. The Coronavirus pandemic has dramatically accelerated the growth of crowd-sourcing in other sectors and to cope with the crisis, many organisations are reinventing  their operating models by digitising their activities. 

Given the growing importance of cyber security in the economic survival of companies, an increasing number of Chief Information Security Officers (CISOs) are turning to Bug Bounty programs and buying the services offered by ethical hackers

YesWeHack one of Europe's leading bug bounty platform, has announced exponential growth in Europe, with turnover growing by 100% in 2020.  During the same period, the number of completed bug bounty programs increased by 120% and the volume of identified vulnerabilities more than doubled.

In terms of the types of vulnerabilities detected, YesWeHack notes that the evolution of technologies has led to a slight but constant increase in vulnerabilities. 

These result from poor implementation or design flaws and access control that reduce the number of technical vulnerabilities in corporate networks and this trend is expected to increase as the trend towards hardening of the development of networks frameworks continues.

One reason for the popularity of the YesWeHack platform among ethical hackers can be attributed in part to the efficiency of the programs and the speed of payment. During 2020, for example, 55% of vulnerabilities were paid for less than one week after the report was submitted, furthermore. nearly 90% were paid within 28 days. It can be lucrative too - the biggest bonus paid to a YesWeHack hunter in 2020 was €10,000.

The time it takes to resolve vulnerabilities has also dropped significantly.T he average resolution time in 2020 was 44 days compared to 109 days in 2019. In addition, almost 70% of the vulnerabilities detected in 2020 by YesWeHack researchers were fixed within 28 days of acceptance. This increase can be attributed in part to the progressive integration of Bounty Bug within the software development lifecycle.

Ethical Hackers will play a central role in 2021 as many user organisation's understanding of the strategy has improved. An increasing number of them are finding the confidence to put crowd-sourced security into the mix  as a key component of their cyber security strategy.  

The attack surface is also likely to broaden as remote working and longer supply chains increase the number of vulnerable endpoints. Organizations cannot guarantee the security of their growing volume of third-party interactions, such as with logistics, customers, suppliers, service providers, and finance. “These interactions rapidly increase a company's attack surface and complicate the security of their digital footprint. Left unchecked, these new exposures can quickly become the target of future cyber-attacks.” commented Romain Lecoeuvre, CTO of YesWeHack.
 
As digital transformation quickly spreads across private and public sector organisations, it seems likely that ethical hackers will have a vital   role to play, with a significant adoption of the services that  firms like YesWeHack, Bugcrowd, HackerOne and others can offer in terms of speed, expertise and risk reduction. 
 

ZScaler:        Crowd Sourcing Week:       Bugcrowd:          YesWeHack:          HackerOne

You Might Also Read: 

Ethical Hackers Have Earned  $100m:

 

« Amazon Phishing Emails
Webinar: Architect a security-driven networking strategy in the AWS Cloud »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Wisegate

Wisegate

Wisegate is a community of IT experts providing advisory services on all areas of IT including security.

Interpol

Interpol

Interpol is the world’s largest international police organization. It is committed to the global fight against cybercrime, as well as tackling cyber-enabled crimes.

securitycurrent

securitycurrent

securitycurrent is a new media venture focused on reporting and analysis of security news and information by IT professionals for IT professionals.

Hyve

Hyve

Hyve provide a wide range of managed web hosting services including private, hybrid and public VMware cloud hosting.

Planit

Planit

Planit is a leader in Quality Assurance and a specialist in software testing and training services.

Certes Networks

Certes Networks

Certes Networks offers an encryption management solution that can be seamlessly integrated and is interoperable with any network.

Lifespan Technology

Lifespan Technology

Lifespan Technology provides the full range of IT Asset Disposition services. This includes hardware recycling and disposal, data destruction, and hardware resale.

Banshie

Banshie

Banshie is an independent cyber security company with a small team of recognized specialist that are among the best in their field.

BotRx

BotRx

BotRx is the only AI-enabled, automated fraud protection technology that allows fast & easy deployment - continually keeping invisible bad bots and agents at bay, so you can rest easy.

Global Accelerator Network (GAN)

Global Accelerator Network (GAN)

Global Accelerator Network are a highly curated community of independent Accelerators, Partners and Investors.

Unlimited Technology

Unlimited Technology

Unlimited Technology offers a wide range of talent and experience, from assessing your requirements to implementing technologically advanced security solutions to best fit your needs.