HackerOne has shared its 4th Annual Hacker-Powered Security Report, which looks at today’s security landscape as powered by the hacker community. Part of this year’s report examines how COVID-19 has impacted security across the globe and the challenges organisations and security professionals are facing in this unprecedented time.
The New Normal
“For many organisations, the attack surface has greatly expanded as a result of the new normal brought on by the pandemic. It’s no surprise that more and more businesses are following the example of government agencies, financial service companies and cloud vendors in the Asia-Pacific region by leveraging the ethical hacking community to improve security and protect valuable data as the threatscape evolves. Security teams realise that traditional measures are no longer sufficient and they must consider more agile solutions such as hacker-powered security,” said Marten Mickos, CEO at HackerOne.
In fact, HackerOne research revealed that digital initiatives had accelerated for 37% of security leaders in Singapore. Nearly 40% were forced to undertake these initiatives before they were ready, and almost 20% of businesses have had to expedite their decision to move to the cloud.
Figure 1: Singapore results from HackerOne’s CISO survey on COVID-19
Naturally, with digital transformation comes an ever-expanding technology landscape, which in turn adds threat vectors for possible exploitation. 58% of Singapore security leaders believe that their organisation is more likely to experience a data breach due to COVID-19, and 21% say that they have seen more attacks on their IT systems during this period. In times like this, the role of security professionals in securing the ever-expanding attack surface is critical. However, 30% of businesses in Singapore have seen their security teams reduced due to the pandemic, and a quarter have seen their budgets reduced. This places immense strain on security teams, leaving them stretched thin and not staffed to cope.
Marten shares, “To adapt to changing spending patterns, companies have launched new digital products and revenue streams, fighting to keep revenue flowing during a global recession. Security and business leaders are learning that hackers aren’t just for tech companies: they are a critical part of any mature security strategy. Today’s challenges demand scalability, creativity, and adaptability on an unprecedented scale, and hackers are prepared to meet those demands.”
More Security Leaders Trust in Hackers
With budgets and teams cut, it is not surprising that 21% of security leaders in Singapore agree that they would now be more open to receiving vulnerability reports from third-party researchers than before the pandemic. Against a backdrop of unparalleled obstacles, security leaders have gained newfound appreciation for hacker-powered security as a nimble, scalable, and cost-effective solution.
To illustrate, HackerOne’s customers interviewed by Forrester Consulting in a recent report saw better security, improved customer satisfaction, and overall cost savings when adopting hacker-powered security. This year’s Hacker-Powered Security Report reveals that new options and continued deployment have propelled all global regions to double-digit year-over-year program growth, with Asia-Pacific (APAC) adding 93% more programs and Latin and South America (LATAM) adding 72%. Combined, all global programs awarded 87% more bounties year-over-year.
Security leaders are partnering with good-faith hackers to make the internet a safer place, and CISOs are augmenting security frameworks with hackers’ human creativity and always-on security efforts. This is true even for Singapore. The Cyber Security Agency of Singapore (CSA) recommends that organisations and companies consider working with external security researchers and good-faith hackers through bug bounty programs and responsible vulnerability policies to help strengthen their cyber defences. In fact, Singapore’s Government Technology Agency (GovTech) and the Cyber Security Agency of Singapore (CSA) launched a government bug bounty program in 2018 and a vulnerability disclosure programme in October of 2019.
Around the world, the hacker community has grown in size and sophistication. Nine hackers have surpassed the US$1 million mark in total bounties earned in the past year.
As of May 2020, HackerOne has paid out a total of US$100 million in bounties to the hacker community, and Marten predicts that number is going to be US$1 billion within the next five years.