
The age of the hacker

By Marten Mickos, CEO of HackerOne

Hacking is here for good, for the good of all of us. Half a million hackers have willingly signed up with HackerOne to help solve one of the greatest challenges our society faces today. We cannot prevent data breaches, reduce cyber crime, protect privacy or restore trust in society without pooling our defenses and asking for external help.

The positive power of the hacker community far exceeds the risks and the might of adversaries. To date, HackerOne has helped find and fix over 140,000 vulnerabilities for 1,600 client organizations, earning hackers more than US$72 million in awards — nearly half of that in the past year alone. A quarter of valid vulnerabilities found are classified as being of high or critical severity. When a new bug bounty program is launched, in 77% of the cases, hackers find the first valid vulnerability in the first 24 hours. That is how fast security can improve when hackers are invited to contribute.

Yet the work is not done. It has barely begun. Each day we must fear the discovery of yet another giant data breach. The number and the magnitude of the breaches keep growing. At risk are financial institutions, healthcare organizations, e-commerce companies, big box stores, media companies and practically anyone relying on technology.

But some of the most recent breaches have one thing in common: they were detected, discovered and reported by good hackers.

Hackers are no longer anonymous guns-for-hire. They are being embraced by everyone from the insurance industry to government agencies. Hacker-powered security is today a given part of a mature and proactive security program.

It’s not hard to see why. Businesses process more sensitive data and more personal information than ever before. Software development lifecycles are increasingly continuous. As companies work overtime to push code, criminals work overtime to find ways to break in. It feels impossible to scale security with product development. Innovation is outpacing traditional security measures.

Working with hackers allows you to provide security at the speed of innovation.

The number of hacker-powered security programs is rapidly growing all over the world. Latin America saw record growth of 41% over the previous year. The federal government sector grew an impressive 214%.

The professionalism and positive impact of hacking are also growing at an impressive clip. Last year, HackerOne paid out 511 individual bounties of US$10,000 for issues of critical severity, a four-fold increase over the year before. The average bounty for a critical vulnerability increased nearly 50% in just one year to US$3,384. And yet that is an incredibly low price for a company to pay for the ability to block a weakness that otherwise could be the cause of a data breach.

Hacker rewards are going up both on a unit level and in the aggregate. United States, India, Russia, Canada and Germany are the top earning countries for hackers. Over 50 hackers earned over US$100,000 last year. A full half-dozen surpassed US$1 million in lifetime rewards.

Society is embracing the positive power of hacking. Lawmakers are introducing legislation to drive hacker-powered security. Government agencies are launching bug bounty and vulnerability disclosure programs. Noteworthy customers include the European Commission, U.K.’s National Cyber Security Centre, Singapore’s Ministry of Defense, and, for several years, the U.S. Department of Defense, including the Army, the Air Force and the Marine Corps.

Hacker-powered security is on the rise in risk-averse and highly regulated industries such as financial services, banking, insurance, healthcare and education. With HackerOne’s new pentesting and compliance offerings, such companies can fulfill security obligations in a way that’s less costly yet more productive. Today, six of the top ten financial services organizations in North America, and companies like Goldman Sachs, PayPal, and Lending Club, are working with HackerOne.

Every five minutes, a hacker reports a vulnerability. Every 60 seconds, a hacker partners with an organization on HackerOne. That’s more than 1,000 interactions per day.

There are more than 555,000 hackers registered on HackerOne who find vulnerabilities missed by traditional detection methods. These trusted hackers — many of whom are under the age of 35 — play a critical role in securing organizations large and small.

Security vulnerabilities are a fact of life. For this reason, technology unicorns, e-commerce conglomerates, governments around the world, and hospitality giants are competing to attract hackers who have one key advantage over traditional methods: they can think like an attacker.

The stories of these hackers are inspirational. They’re an invaluable extension of the most trusted security teams, on a mission to find what others may have missed or could not see.

Hackers are the solution to the world’s cybersecurity challenges. By investing in people, not just software, we will see the greatest outcome. It is our mission to empower the world to build a safer Internet.
