Crowdsourcing cybersecurity: Why inviting hackers to have a crack at your security can make sense for your enterprise

By Budd Ilic, ANZ Country Manager at Zscaler

Credit: ID 137941936 © Feodora Chiosea | Dreamstime.com

Crowdsourcing, which involves the seeking of input or support for a venture from a large number of people via the internet, has become an unremarkable practice in recent times.

Crowdfunding campaigns are more than a dime a dozen. According to the popular platform GoFundMe, more than 10,000 people start a GoFundMe campaign each day—a statistic that explains the site’s claim to have raised more than $5 billion since its 2010 launch.

Such campaigns are well and good for individuals and businesses looking to raise money to get new products off the ground or muster support for a pet cause. But would you trust crowdsourcing as a means to improve the security of your network and enterprise systems?

A group of the world’s largest high-tech vendors do so and the smart money suggests that hundreds of organizations, abroad and here in Australia, are set to follow suit. Offering financial rewards or “bug bounties” to hackers who can find a weakness in your cybersecurity bulwark can be a fast and cost-effective way for organizations to strengthen their defenses before trouble strikes for real.

Rising threats

The chance of real trouble is rising. Nearly 50 percent of the local enterprises surveyed by PwC for its 2018 Global Economic Crime and Fraud Survey: Australian Report claimed to have experienced a cyberattack between 2017 and 2018. Cybercrime has been flagged as the most disruptive economic crime du jour and the prime danger to growth prospects for businesses.

Research commissioned by Microsoft in 2018 put the economic costs associated with cybersecurity incidents—revenue loss, reduced profitability, fines, lawsuits and remediation—at a staggering $29 billion a year; almost two percent of Australia’s GDP.

Large organizations—those with more than 500 employees—may incur losses as high as $35.9 million in the form of direct, indirect, and induced costs should a significant breach occur.

Many eyes make for safer systems

A crowdsourcing cybersecurity initiative is not a complete safety solution, but it can be an excellent way to test the efficacy of the measures you’ve already put in place.

It’s not a matter of throwing down the gauntlet to random, faceless hackers with dubious intentions. Companies can engage with the cybersecurity equivalent of GoFundMe, established platforms whose verified security researcher members can opt in to challenges as they’re posted. Popular platforms include HackerOne and Bugcrowd, winner of the Australian American Chamber of Commerce’s Most Innovative Company award for 2018.

Here are some reasons why it makes sense to open your enterprise security infrastructure up to the crowd.

Scarce resources on demand

If you’re an Australian organization looking to beef up your internal cybersecurity team, then good luck with that. The industry is in the grip of a significant talent deficit: federal agency AustCyber has estimated an additional 11,000 cybersecurity professionals will be needed to meet demand over the coming decade, and that’s unlikely to change any time soon. Importing overseas specialists to plug the gap is not the answer, given that experts claim the skills shortage is similarly acute elsewhere in the developed world.

Security crowdsourcing can provide access to a smorgasbord of specialized skills that would be expensive and difficult to access on the open market. Better still, they’re available on a no-win, no-fee basis, as companies only pay bounties when bugs are detected. That makes it a cost-effective means of augmenting existing resources.

Reputation rehab

A headline-hitting breach or security outage has the potential to be a long-term reputation wrecker. Consumers fret about the fallout should their data fall into hackers’ hands and wonder whether the company in question is committed to ensuring it doesn’t happen again. Commencing a crowdsourcing security initiative can be one way to demonstrate you’re taking the issue seriously and are willing to explore new measures to bolster your defenses.

Keeping up with the company next door

If there’s one thing hackers and cybercriminals like, it’s easy access.

Keeping pace with other organizations on the cybersecurity front lessens the chance you’ll be a sitting duck. As security crowdsourcing goes mainstream, that may mean joining the crowd of companies posting their own bug bounty challenges.

Strengthening security

In a climate of rising risk, there’s no room for complacency. Australian companies need to act wisely and strategically if they’re to keep pace with the army of hackers and cybercriminals intent on compromising and exploiting corporate networks and the customer data they contain. Enlisting a crowd of experts to the defense team can be a great start.
