
How companies use bug bounty hunting to increase security and attract young professionals

Away from standard security checks towards crowdsourced cybersecurity: With bug bounty hunting, ethical hackers efficiently detect weak points for companies. Many young IT experts turn to this area – also to be able to learn more. Companies can benefit from this – twice over.

Ransomware attacks, phishing, data theft: According to Statista, almost half of German companies were victims of a cyber attack at least once in 2021. The Federal Office for Information Security (BSI) recorded an average of 394,000 new malware variants in 2021 – every day.

In the midst of this constant barrage of attacks, organizations must contend with a shortage of IT professionals. According to the Bitkom Association, two thirds are struggling with this problem. Many companies complain that they cannot find new employees or that their own teams lack specialist knowledge.

This combination makes it a major challenge to guarantee the security of increasingly complex IT systems. At the same time, however, many young IT professionals complain that they lack opportunities to update their skills and expertise.

In order to gain relevant knowledge about IT security, half would rather turn to bug bounty hunting than to their own company (11 percent). This is a finding of Intigriti’s 2022 Ethical Hacker Insights Report, for which 1,700 ethical hackers were surveyed. Most of them are young professionals: 73 percent are younger than 30 years. But what exactly are ethical hackers and bug bounty hunting?

What is bug bounty hunting?

In bug bounty hunting, hackers try to track down security gaps and vulnerabilities in software or operating systems; the term literally means hunting bugs for a bounty. However, the attackers do this to the advantage of the company, because as so-called ethical hackers, they report any problems they find so that they can be fixed. In other words, the bounty hunters use their knowledge to help companies and not to harm them. In return, they receive a bonus from the company, which is meant to motivate them to start looking. The amount depends on the relevance and size of the discovered vulnerability.

Because it involves dozens or more hackers pouncing on programs, it’s a crowdsourcing model. The advantage for companies: a large number of IT experts put programs through their paces – and track down leaks before cyber criminals do.

Bug bounty hunting versus pen testing

Unlike penetration tests, bug bounty programs use swarm intelligence: the ethical hackers with different backgrounds each use different tools and approaches to discover problems. They are always active. They only get paid when they actually discover something.

A targeted attack via a pentest, on the other hand, uses predefined test procedures. It is commissioned and carried out at a selected time. A smaller group of experts is involved.

90 percent of the hackers surveyed by Intigriti see the fact that pen tests are only carried out at certain times as a problem. The reason: such tests therefore cannot offer permanent security 365 days a year. The situation is different with bug bounty hunting: it subjects a company’s cyber defenses to constant pressure to test how effective they are. The experts in the survey know their stuff: 65 percent of them have experience not only with bug bounty hunting, but also with pen tests.

Bug bounty hunting as a career goal for young talents – and how companies benefit

Bug bounty hunting is increasingly becoming a desirable career path for young IT professionals. 96 percent of ethical hackers would like to spend more time doing it, according to the Intigriti survey. Two-thirds are even considering working full-time in this field. Most appreciate the flexibility the job offers them: they can work remotely and at any time – and choose their own goals. The payment is also an important criterion for many. So far, however, more than half of them work in companies, and another 30 percent are students. So they do ethical hacking on the side.

But what does this mean for companies amid the skills shortage? They can benefit twice over by using a bug bounty program.

  • On the one hand, they protect their infrastructure better against attacks by cybercriminals because weak points are detected efficiently and constantly.
  • On the other hand, companies enable their security experts to acquire new skills through bug bounty hunting. In this way, they increase the agility in their teams in order to react appropriately to threats.

How Intigriti helps companies with bug bounty hunting

Intigriti’s security experts help companies protect themselves against cyberattacks. A huge global community of 50,000 ethical hackers is looking for vulnerabilities. The Intigriti interactive platform hosts bug bounty programs. Programs can also be managed and reports retrieved via this infrastructure. In addition, the ethical hackers communicate directly with the companies via the secure environment.

This allows companies to have their programs subjected to continuous security tests. This is also crucial because the security situation changes with every release or update and cyber attacks do not stop. Companies therefore benefit from significantly better protection – and help their own employees to expand their expertise.