We need human ingenuity and AI-powered security

1 July 2020 Editor's Choice

Bugcrowd, a crowdsourced security company, released its 2020 ‘Inside the Mind of a Hacker’ report, the most comprehensive study to date on the global hacking community. Among the report’s key findings, human ingenuity supported by actionable intelligence of the Bugcrowd platform were found to be critical ingredients to maintaining a resilient infrastructure. In fact, 78% of hackers indicated AI-powered cybersecurity solutions alone aren’t enough to outmanoeuvre cyberattacks over the next decade.

Nearly nine out of ten hackers, 87%, say that scanners cannot find as many critical or unknown assets as humans. While 2019 was a record year for data breaches, the report found that hackers working on the Bugcrowd platform prevented $8,9 billion of cybercrime in 2019 and earned 38% more than they did in the previous period. In the next five years, hackers on the Bugcrowd platform are projected to prevent more than $55 billion in cybercrime for organisations worldwide.

“Globally-distributed good-faith hackers are increasing in number and diversifying. Bugcrowd gives organisations the power to proactively leverage human ingenuity – the enabler of malicious cyberattacks – at scale to prevent them,” said Casey Ellis, founder, chairman, and chief technical officer of Bugcrowd. “While AI has a role to play in helping to reduce cyber risk, companies need to integrate crowdsourced security throughout their security lifecycle if they hope to outsmart and outmanoeuvre cybercriminals.”

“Hackers will always be one step ahead of AI when it comes to cybersecurity because humans are not confined by the logical limitations of machine intelligence,” said Jasmin Landry, top-ranked Bugcrowd hacker. “For example, hackers can adapt four to five low-impact bugs to exploit a single high-impact attack vector that AI would likely miss without the creative flexibility of human decision-making. Experience allows hackers to recognise vulnerable misconfigurations that represent a true risk to organisations without all of the false positives that typically come with AI-powered solutions.”

The ‘Inside the Mind of a Hacker’ report analyses 3493 survey responses from working hackers, plus hacking activity on the Bugcrowd platform between 1 May 2019 and 30 April 2020. In addition, the report incorporates data from 1549 programs and 7,7 million platform interactions to provide a striking and in-depth view of emerging trends among bug bounty, penetration testing, attack surface management, and vulnerability disclosure programmes.

Career hacking in emerging countries skyrockets

The research found that hackers live on six continents and reside in more than 100 countries worldwide. Most notably, the report identified an 83% growth in respondents living in India and nearly three out of four hackers (73%) speak two or more languages.

“Diversity is the critical, yet often overlooked, factor in any successful security strategy. Bugcrowd gives us the ability to rapidly analyse a situation using global perspectives from hackers – who already understand how our applications work – that collectively augment their unique backgrounds and sociocultural influences to keep us ahead of cybercriminals,” said Adrian Ludwig, chief information security officer at Atlassian. “Having started my career as a hacker, I understand that cybersecurity is inherently a human problem. ‘The power of the crowd’ in crowdsourced cybersecurity is rooted in being able to look at the same thing as everyone else and see something else.”

COVID-19 increasing demand for career hackers

The FBI reported a 400% rise in cybercrime after COVID-19 was declared a pandemic and organisations are investing more in bug bounty programmes as a result. More than half of hackers (61%) have noticed an increase in available bug bounty programmes to participate in due to widespread remote working conditions related to the COVID-19.

“We are in unprecedented territory and COVID-19 has forced many businesses to accelerate digital transformation efforts,” said Ashish Gupta, CEO and president of Bugcrowd. “The rush to digitise businesses can create serious lapses in security and organisations are turning to bug bounty programmes to proactively safeguard new products and applications against vulnerabilities.”

Like the larger security industry, career hackers also noted concerns about COVID-related fraud. Nearly half of hackers (48%) believe the healthcare industry is the most vulnerable to cybercrime during the unfolding crisis, followed by education and community support (17%) and government and military (16%).

Additionally, as the government faces the potential impact of COVID-19 on the upcoming 2020 US Presidential election, 72% of hackers independently reported that they do not trust alternative polling methods, like electronic polling or mail-in ballots.

For more information on Bugcrowd or to download the full report, please visit www.bugcrowd.com/inside-the-mind-of-a-hacker




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Key criteria in the selection of CCTV control room operators
Issue 5 2020, Leaderware , Editor's Choice
Some people are better at aspects of the job of CCTV operator than others, and some companies put in a lot more effort in choosing their operators than others.

Read more...
Leaders in risk and security: As long as there are people, there will be risk
Issue 5 2020, iFacts, Technews Publishing , Editor's Choice
Jenny Reid is a self-made success, focusing on people, the risks they create and the potential they have.

Read more...
XProtect available on AWS
Issue 5 2020, Milestone Systems, Technews Publishing , Editor's Choice
Milestone recently announced the availability of XProtect on Amazon Web Services. Hi-Tech Security Solutions asked Keven Marier for more information.

Read more...
From data centre to edge, from one source
Issue 5 2020 , Editor's Choice
First Distribution (FD) is better known in South Africa as an ICT distributor with an enterprise focus. Its offerings in this regard range from client solutions through to hosted solutions, data centre ...

Read more...
Paxton launches access and video management
Issue 5 2020, Paxton Access , Editor's Choice
Paxton’s next-generation access control and video management system, Paxton10, officially launched in South Africa on 2 July 2020. Paxton10 is the next step in complete security solutions and combines ...

Read more...
The evolution of security in residential estates
Residential Estate Security Handbook 2020 , Editor's Choice, Integrated Solutions, Security Services & Risk Management
Two large estates discuss their security processes and the ever-expanding scope of responsibilities they need to fulfil.

Read more...
The COVID test for estate business continuity planning
Residential Estate Security Handbook 2020, Technews Publishing , Editor's Choice
Many estates were caught unaware when the COVID-19 pandemic and subsequent lockdown hit. Helderberg Village was ready for the challenge.

Read more...
Bang for your security buck(s)
Residential Estate Security Handbook 2020, Alwinco , Editor's Choice, Security Services & Risk Management
Hi-Tech Security Solutions asks how estates can maintain a good security posture in the time of the ever-shrinking budget.

Read more...
Local or remote management
Residential Estate Security Handbook 2020, Xone Integrated Security, Vox Telecom, Fidelity ADT , Editor's Choice
Hi-Tech Security Solutions asked three companies well versed in offering control room services – either remote, local, or both – what’s happening in the estate monitoring and/or management market.

Read more...
Residential Estate Security Conference 2020
Residential Estate Security Handbook 2020, Technews Publishing , Editor's Choice
Back in the old days when conferences that people attended in a single location were a thing, Hi-Tech Security Solutions held its Residential Estate Security Conference 2020 at the Durban Country Club.

Read more...