In combatting the growth in cybersecurity threats and risks, organisations are deploying various solutions for cyber protection - but will these really suffice with the ever-growing number of cybercriminals?
For Marten Mickos, CEO of HackerOne, utilising human intelligence and abilities is more important than any technology. Marten delivered the keynote address during HackerOne's fourth annual Security@ conference, which officially began yesterday.
“Too many software applications were created with no security in mind. The responsibility that should be carried by those who own and deploy software is pressed on unexpecting consumers who suffer the consequences of breaches and disruptions”, said Marten.
According to him, we cannot really rely on software applications forever. Marten suggested that companies should also use human intelligence in managing how they deal with escalating cyber threats, with “hackers” becoming an increasingly viable option. “Hackers are helping us fix what’s digitally broken. We are looking for an immune system against COVID-19 and in a way, interestingly, we only have one for the Internet – it is called ethical hacking”, he commented.
Cyber threats and risks are growing faster than ever before. They are also growing faster than our budgets and resources. However, Marten believes there is one thing growing even faster, and that is the community of ethical hackers. Marten added that hackers are creative and tenacious, and that the vast majority of them are young and self-taught. This fact, according to him, holds great promise, as it means the growing problem of security vulnerabilities can be solved quickly because we can build the community so fast.
“Hackers are more productive and active earlier. In fact, every 180 seconds, hackers find a vulnerability and then report it”, explained Marten. He also mentioned that 30% of security leaders are now more open to accepting vulnerability reports from third parties such as hackers than before. “They bring talent, creativity and diverse skills to the table. What’s not to like?”
Marten said that although companies cannot ask criminals not to attack them, they can ask hackers to help. He then shared that the average cost of finding vulnerabilities (through bug bounty and such programmes) is only USD 979, significantly lower than breaches that cost millions of dollars.
Additionally, Marten said that there are still about 100 million security vulnerabilities that have not been found or fixed yet. These are the cybersecurity holes where criminals can break in and steal data, install malware, disrupt vital operations or distort facts.
“These hidden threats pose a major cyber [risk] for businesses big or small, and we must find them and fix them. But how do you find and eradicate 100 million bugs? It’s a huge undertaking. You do it certainly not by ignoring them, not by asking software engineers never to make any mistakes, not by automating or scaling tools – no, you need human intelligence and human discipline to eradicate software vulnerabilities”, explained Marten.
With the vital help of hackers, we are on the path to building a digital civilisation where privacy, safety and security are built-in, where we have digital trust. Marten concluded, “It is humans - creative, diverse and global humans - that will solve the problem. The problem won’t be solved by technology, it will be solved by human beings and these human beings are leading the charge”.