Hackers Paid Big Money To Improve Cybersecurity

A new report shows that a growing number hackers are being paid big bounties by companies, organisations, and even the US government to discover bugs and protect the platforms and products that consumers use every day.

The report was released by a San Francisco company called HackerOne which serves as a platform that links hackers with companies and organisations that hope to improve their cybersecurity.

The data came from a survey of some 1,700 people and focused on so called "white hat" or ethical computer hackers who are collecting money or bug bounties to help protect companies instead of exploit their vulnerabilities.

The survey shows those bounties are increasing in number and size.

"The business has grown dramatically in the past year. The government is now a pioneer in this, which is positive...and the top bounties have increased a lot," said Marten Mickos, CEO of HackerOne, who added that the top bounty claimed is $100,000 but some clients offer up to $250,000 for discoveries of critical vulnerabilities.

HackerOne says a wide range of companies across different sectors are now using hackers, including companies such as Starbucks, Google, General Motors, Slack, Uber, Nintendo, Snapchat, Goldman Sachs, Toyota, and the US military.

"The US Air Force is highly secure but it took our hackers only 8 minutes to find the first vulnerability and in total we found something like 200 holes in their systems," said Mickos.

Joel Margolis, 20, is a junior in college and when he looks at his laptop screen, it's often not to play games or shop online. He's already become an accomplished hacker in a short time.

"I've been hacking for probably about 4-5 years," said Margolis, who adds he's already found bugs for major tech companies.

"Uber, Yahoo, Oath, AOL, all these companies. Huge companies. Facebook," Margolis said, "I found a bug on Google a couple months ago and like, anybody would expect that Google has the best security because everyone uses it. But just because it has a lot of use doesn't mean it has great security."

The report also looked at companies on the Forbes Global 2000 and found one common flaw. The report says 93% of those companies had no policy to receive, review, and resolve bug reports from outside their company.

Rebecca Jeschke, a spokeswoman and digital rights analyst with the Electronic Frontier Foundation says companies sometimes turn a blind eye to bugs.

"Lots of companies like to think that if no one knows about the bug then no one will exploit it. But that's not true," said Jeschke.

HackerOne's CEO says even in the tech-savvy Bay Area, there is a need for improvement.

"We have a problem in the world and in the SF Bay area that cyber security and computer science have been seen as two separate practices. They need to be one," said Mickos, "We need to design cybersecurity into the code from the very beginning."

HackerOne says their platform alone draws some 200,000 hackers to pursue bug bounties and they expect the number of these "white hat" hackers will only continue to grow.

KTVU:

You Might Also Read: 

US Air Force Hacked By Teenager:

HBO Offers Hackers $250,000 'bug bounty':

 

« Business Will Benefit From Artificial Intelligence
EU Cybersecurity Act Could Impact Cross-Border Data Flows »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Zadara Storage

Zadara Storage

Zadara provide complete data backup and protection delivered as a fully-managed service.

CERT.br

CERT.br

The Brazilian national Computer Emergency Response Team

Smokescreen

Smokescreen

Smokescreen's IllusionBLACK employs deception technology to detect, deflect and defeat advanced hacker attacks.

VU Security

VU Security

VU is a specialist in Cybersecurity software development with a focus on the prevention of fraud and identity theft.

CyberSecurityTrainingCourses.com

CyberSecurityTrainingCourses.com

Cyber Security Training Courses is a portal to help candidates find the best courses to progress their career within the IT security industry.

TechRate

TechRate

Techrate is an analytics agency focused on blockchain technology and engineering. Or expertise includes security and technical audits of projects.

Randstad

Randstad

Randstad provide outsourcing, staffing, consulting and workforce solutions in the USA across a wide range of job sectors including IT and cybersecurity.

Keyavi Data

Keyavi Data

With Keyavi’s evolutionary data protection technology, your data stays within the bounds of your control in perpetuity.

Orchestra Group

Orchestra Group

Orchestra Group offer a unique integrated cybersecurity defense platform with proactive security policy management and enforcement orchestration.

Datacentrix

Datacentrix

Datacentrix provides end-to-end cybersecurity services for the operational technology (OT) and IT environments to monitor, assess and defend our customers' information assets.

Aunalytics

Aunalytics

Aunalytics is a data platform company that delivers insights as a service to answer your most important IT and business questions.

Nokod Security

Nokod Security

Nokod Security delivers an application security platform for low-code / no-code custom applications and Robotic Process Automation (RPA).

Readynez

Readynez

Readynez is the digital skills concierge service that helps you ensure your workforce has the tech skills and resources needed to stay ahead of the digital curve.

Trustack

Trustack

Trustack services cover connectivity, infrastructure services, security, unified comms, agile working and more. Our team of consultants deliver customised solutions tailored to your needs.

Myrror Security

Myrror Security

Myrror Security is a software supply chain security solution that aids lean security teams in safeguarding their software against breaches.

Insane Cyber

Insane Cyber

Insane Cyber make cybersecurity easier to manage through automated, easy-to-use software and expert support and partnership.