This is a time of unprecedented challenges. We face never-before-seen threats in the digital and physical worlds. If this past year has taught us anything, it is this: we need to leave behind our old tools, mindsets, and methods to create a path ahead.
But what does that path look like? COVID-19 has led organisations across the globe to make unexpected changes to their operations. Businesses are figuring out how to contend with accelerated digital transformation and a surge in digital transaction volume.
Many have expedited their move to the cloud
In doing so, organisations are opening up new attack surfaces they are unprepared to protect. Protection efforts are left in the hands of security teams who are not staffed to cope.
The result? Losses that can be measured in data, revenue, reputational damage, operational disruption, and churn.
There’s no such thing as business as usual anymore — which means that business as usual security can no longer suffice.
Security leaders are asking some tough questions.
If you’re facing resource constraints, how do you design software that’s secure from the start? How can you protect software applications as they move to the cloud? How do you scale security on a constantly-evolving attack surface?
Is there a way to maintain brand trust and mitigate risk of a breach with such a sharp increase in digital transactions? And with everything else on fire, what about the nuts-and-bolts of compliance and regulations?
The 2021 Hacker Powered Security Report: Finance offers an incisive look at the global security landscape for financial services organisations and the hackers who are pushing the envelope to help them.
Around the world, the hacker community grew in size and sophistication, using hacking to build valuable skills, advance their career, earn extra money, and challenge their curiosity.
Financial businesses are augmenting security frameworks with hackers’ human creativity and always on security efforts.
Against a backdrop of unparalleled obstacles, hacker-powered security continued to scale. During global lockdowns, hackers reported 28% more vulnerabilities per month than immediately before the pandemic took hold.
For many researchers, hacking became a reliable source of supplemental income during the pandemic.
Key findings:
- The number of financial services firms adopting hacker powered security increased by over 75% in the past year.
- In 77% of cases, public bug bounty programs receive their first vulnerability report within the first 24 hours.
- Financial Services firms are amongst the fastest to pay bounties with a median time to bounty of 0.9 days.
To better understand how COVID-19 has impacted security, HackerOne surveyed security leaders about their challenges during the pandemic.
The report found that 64% of global security leaders believe their organisation is more likely to experience a data breach due to COVID-19, and 30% have seen more attacks as a result of COVID-19.
Unfortunately, 30% have seen their security teams reduced due to the pandemic, and a quarter have seen their budgets reduced.
To adapt to changing attack surfaces, many are turning to hacker-powered security. And hackers are stepping up.
This past year, new hackers have joined the community at an accelerated rate. Compared with January and February of 2020, as the pandemic took hold, the average number of new hacker signups on the HackerOne platform increased by 56% across April, May, and June.
Hackers are also more prolific than ever with the monthly average number of incoming bug reports in April, May, and June of 2020 increasing by 28% over January and February, and increasing 24% over the previous year.
Organisations have responded to this much-needed help by awarding 29% more bounties per month, on average, during the April-June period than during January and February.
The post Hacker-powered security: Is your organisation paying bounties? appeared first on Payments Cards & Mobile.