Authored by: Kevin Gallerin, Managing Director, Asia Pacific, YesWeHack
BUG BOUNTY PROGRAMMES WILL GAIN TRACTION AS A WAY TO BOOST STAKEHOLDER CONFIDENCE
There’s a great lack of trust in digital services in Asia Pacific, with only 31% of consumers believing that their personal data will be handled in a trustworthy manner. Add to that the dramatic increase in cybersecurity breaches across industries (including Toyota, Singapore’s Ministry of Health and Sephora, just to name a few), and companies will be looking for new ways to bolster trust among customers and investors and to improve their cybersecurity defences. Bug bounty programmes will become key to boosting consumer trust in digital services, and will see an accelerating uptake in 2020 as a tried-and-tested way to evaluate digital initiatives and assess risks, while establishing trust among stakeholders. In fact, we have already seen instances of start-ups that have been able to boost investor confidence and secure bigger deals through their bug bounty programmes.
DEVOPS AND AGILE SECURITY BECOME MORE THAN JUST BUZZWORDS
In 2020, DevOps and agile security will take centre stage, as traditional security testing struggles to keep pace with the fast turnarounds and development cycles required to go to market. To rub salt in the wound, the world is facing a severe shortage of cybersecurity skills, with Asia Pacific leading this gap: 2.14 million positions, at last count. These factors will get enterprises to start rationalising their need for security testing that’s quick, ‘always-on’ and flexible enough to support their digital transformation so that services remain protected year-round, and that can also cover applications still in development. Crowdsourced security will also be pivotal considering the region’s skills gap, since it will become increasingly difficult to find skilled security researchers and testers on short notice.
THE FINANCIAL SERVICES SECTOR WILL BECOME ONE OF THE FASTEST GROWING SEGMENTS FOR BUG BOUNTY
While it’s well known that financial institutions are the target of choice for cybercriminals, 2020 will mark a key development in how these institutions prevent attacks: by uncovering hidden vulnerabilities more quickly through bug bounty programmes. This shift is further accelerated by the industry’s increased need to provide consumer convenience through a swathe of digital services, which have now grown to let customers do more than just transfer cash, including setting up new accounts, managing investment portfolios and even processing cheques.
Without a doubt, while these digital services will add a huge layer of ease for consumer transactions, they are also highly lucrative targets for hackers. Being risk-averse and pragmatic, banks are starting to realise the value that bug bounty can bring in uncovering flaws that have gone unnoticed from development through deployment. Additionally, since these vulnerabilities are ‘real-world’ reports that have been uncovered by independent researchers, the risk they present moves past the theoretical, and further prompts institutions to find a solution.