Cybersecurity is a constant headache for companies of all sizes. Every enterprise is vulnerable to hacking – whether by state-sponsored actors, commercially driven criminal organisations, or some kid in a basement with too much time on their hands.
Intrusions can take a variety of guises, with ransomware proving particularly brutal in recent years. The Verizon Business 2022 Data Breach Investigations Report estimates that ransomware attacks have risen more in the last year than in the previous five.
Along with the range of technical precautions and behaviour change that IT teams are already deploying, there’s a human-powered approach: hackers-for-hire. There’s been a boom in tech companies providing ethical (or ‘whitehat’) hacking expertise to help enterprises understand their vulnerabilities.
HackerOne has a client list including Uber, Spotify, Twitter and Goldman Sachs. Their ‘hacker-powered security platform’ puts companies in contact with the world’s leading security experts, penetration testers and cybersecurity researchers. They coordinate bug bounty programmes – where hackers are offered rewards for finding vulnerabilities and flagging them with the company concerned, rather than hawking them on the dark web.
Alongside its technical security solutions (application scanning and surface monitoring), Detectify provides crowdsourced expertise from its global community of ethical hackers. Each time one of their whitehats finds a vulnerability, Detectify builds it into their automated scanner and makes it available to their clients.
Bugcrowd takes a similar approach. Clients define the attack surface they want to check – such as a web application front end, or a mobile or IoT platform. Bugcrowd can then push it out to the research community, or to a limited set of experts. The hackers set to work with their digital pickaxes, and share whatever chinks they find in the company armour.
When malicious hackers are the biggest threat to your business, it helps to have your own code warriors onside. As Bugcrowd founder Casey Ellis puts it: “Cybersecurity isn’t a technology problem — it’s a human one — and to compete against an army of adversaries we need an army of allies.”