Authored by: Rena Chua, Bug Bounty Advisor, HackerOne
COVID-19 has thrown the entire world into chaos. Due to the pandemic, organisations worldwide were forced to go digital with their product offerings and services. Businesses scrambled to find new revenue streams, creating digital offerings for customers whose lifestyles had dramatically changed. Tens of millions of workers had to work remotely.
With this accelerated pace of digital transformation, CISOs had to quickly facilitate new needs — while ensuring the security of existing systems and newly-acquired collaboration tools. Security teams were pushed to the limit. They struggled to maintain existing security measures while working to close newly-opened gaps.
Challenges Faced By Global Security Teams During The Pandemic
In a global survey to better understand how COVID-19 has impacted security, HackerOne reached out to CISOs and IT professionals to learn more about their challenges during the pandemic. The results of the survey found that 30% of global security leaders have had to switch priorities during the pandemic from application security to securing the use of work-from-home and collaboration tools.
Because of the pandemic, 64% believe their organisation is more likely to experience a data breach, and 30% have seen more attacks as a result of COVID-19. 30% of CISOs interviewed have seen their security teams reduced, and a quarter have had their budgets reduced.
In Asia Pacific (APAC), the results echo the same challenges:
56% of APAC security leaders believe they are more likely to experience a breach due to COVID-19
27% have seen more attacks on their IT systems as a result of COVID-19
32% have seen their security teams reduced; and
Almost 25% have seen their security budgets cut
The overall chaos and uncertainty have stressed even the most robust security teams. With shrinking budgets, streamlined teams, and dwindling resources, security teams are struggling to secure their assets, keep up with threats, and shift security to increase speed and agility. It does not help that 66% of all leaders surveyed felt under scrutiny to prove the business takes information security seriously.
Hackers Are Here To Help
Against a backdrop of unparalleled obstacles, security leaders have gained new-found appreciation for hacker-powered security as a nimble, scalable, and cost-effective solution. As many as 30% of global leaders surveyed reported being more open to accepting vulnerability reports from hackers as a result of the challenges posed by COVID-19. Similar numbers were reported in APAC, with nearly 27% of security leaders surveyed agreeing.
According to HackerOne’s 4th Annual Hacker Security Report, hackers reported 28% more vulnerabilities per month during global lockdowns than immediately before the pandemic took hold. For many researchers, hacking has become a reliable source of supplemental income during COVID-19. For the community, hacking has remained a consistent and stable source of income even during the global recession.
This past year, new hackers have joined the community at an accelerated rate. Compared with January and February of 2020, as the pandemic took hold, the average number of new hacker signups on the HackerOne platform increased by 56% across April, May, and June.
Year over year, April, May, and June of 2020 saw 69% more new hacker signups than the same period in 2019. Hackers are also more prolific than ever, with the monthly average number of incoming bug reports in April, May, and June of 2020 increasing by 28% over January and February, and increasing 24% over the previous year. Organisations have responded to this much-needed help by awarding 29% more bounties per month, on average, during the April-June period than during January and February.
The Power of Community
The impact of COVID-19 prompted an incredible amount of support from hackers to help relief efforts across the world. The community itself has created new initiatives, for example, Marc Rogers’ CTI League, which combats hacks against medical facilities and other frontline responders, and the US Digital Response, which provides experienced technologists to help governments deliver critical services. Individual hackers even raised their hands to help healthcare providers deal with incoming threats.
The dedication and genuine care shown by this community has inspired HackerOne to create Hack for Good, a custom donation profile where hackers on the HackerOne platform can easily donate full or partial amounts of their bounties to community-selected charities that rotate each quarter. The first recipient — receiving US$30,000 from generous hackers — was The World Health Organisation (WHO) COVID-19 Solidarity Response Fund. Donations were used to support WHO and their global partners in their pandemic fight.
The COVID-19 pandemic has shown us how small and interconnected our world is. Technology is fundamentally global, and yet the systems upon which we have built our digital lives can be upended in seconds. Around the world, hackers and security researchers are collaborating for the betterment of the internet. Security has become synonymous with hacking. The future depends on hackers and the organisations that embrace them.