Why leading companies are paying hackers for security help
Cybercriminals have never been so notorious. As technology innovation seems to outpace security defenses, organizations are turning to ethical hackers to assess risk and see where they are most vulnerable. Getting hacked isn’t just a concern for tech companies anymore. No matter the industry, a breach of information can have devastating consequences.
Take two of the most recent breaches: British Airways and Dixons Carphone Warehouse. This past summer, intruders were able to steal the data of more than 380,000 British Airways customers, which resulted in £56 million ($72.6 million) in compensation charges. This figure doesn't include legal fees, the cost of repairs and third-party assistance, and, of course, reputation damage. Earlier this summer, criminals were able to gain unauthorised access to 5.9 million customers’ cards and 1.2 million personal records. The breach impacted 10 million customers in total, and costs for the breach are still being calculated.
How do companies make sure they don’t fall victim to a data breach? Keeping up with the evolving threat landscape is no easy task. Fixing vulnerabilities is time-consuming, and with most security teams lacking headcount and resources, taking the time to hunt for new vulnerabilities falls lower on the priority list. Some organizations, like Starbucks and Shopify, are allowing the broader ethical hacking community to do some of that bug hunting for them, which lets internal teams spend their time fixing bugs and mitigating risk faster than ever before.
Other companies can similarly benefit by implementing their own responsible disclosure or bug bounty programs, so that they hear about a potential breach from friendly hackers first, before it can be maliciously exploited by criminals. Some bug bounty programs can be quite lucrative for freelance hackers, with an average bounty payment of $1,720 per critical vulnerability discovered.
A bug bounty program is just one of several components of a robust cybersecurity program required to protect your customers and brand. With all of the sensitive information exchanged online today, organizations must take a proactive approach to finding their unknown weaknesses.
Join me at IP EXPO on October 3rd to hear why leading organizations and governments are using hackers as part of their proactive cyber defense.