Technology Domain Ramparts Ethical Hackers Excelling at Work, Earned $45 Million from Bounties
Marian Wright Edelman once said - In every seed of good, there is always a piece of bad. Everything is connected and is in balance. The same applies to the laws of physics: opposite poles attract each other, and the same law applies to almost everything. However, today we’ll talk about technology and the realm related to it. Advances in technology are certainly a boon to society, but only as long as that technology is secured and protected. Once the security is broken, the result can be enormous damage. In today’s world, where all our information is shifting to the cloud and all operations are conducted via servers, be they business, educational, financial or governmental, the risk of a breach is also getting higher. Here is the bad that is attached to the good of this realm - cybercrime. With an increase of more than three billion records breached over six years, there is no doubt that cybercrime will keep increasing in the future; to deal with it, we need to leave behind our old tools, mindsets, and methods and create a path ahead.
This year, the COVID-19 pandemic brought major changes with it, from the adoption of more cloud services to the movement of organizations from physical operations to remote functions. The pandemic also brought various difficulties; one of the major ones is the recession. Adapting to changing expenditure patterns, companies and organizations learned new methods and launched new digital products and revenue streams in order to fight the situation and keep revenue flowing during a global recession. In the process, however, organizations opened up new attack surfaces that they were unprepared to protect, and protection efforts were left in the hands of security teams who were not staffed to cope. So, what can be the possible outcome? A rise in cybercrime, collateral damage, and losses that can be measured in data, revenue, reputational damage, operational disruption, and much more. But, by God's grace, the result was not as bad as it could have been. Thanks go to the community of 'Hackers', or more appropriately ‘Ethical Hackers’, who were always there to deal with this security concern. It was this community of geeks that has been continuously working to keep society safe from cyber threats and attacks. For years, organizations have turned to hackers to look for vulnerabilities before bad actors can exploit them. Quite simply, hackers are people who enjoy the challenge of creatively overcoming limitations. But they’re much more than that. In the last decade, the role of the hacker has changed deeply. These strange characters were once kept away from government affairs, but the scenario has reversed: there has been an unprecedented technological evolution, and the principal countries have discovered a new way of making war, a new way of spying.
Today, hackers are the most important players for governments and in cyber warfare, and not only there: private companies and the crime industry also regard them as the repository of a knowledge that has become crucial, the mastery of new technology. Though technology, tools, programs and code are crafted with great security and encryption, ethical hackers are the ones who ensure that there is no loophole that cybercriminals can use to create chaos.
These hackers are doing their best to maintain security while detecting all the possible vulnerabilities, and their efforts, which are truly commendable, are evident in a recent research report.
Let’s have a look at the report in detail: According to data acquired by Atlas VPN, ethical hackers earned $44,754,742 million collectively from bug bounties in the last 12 months. Not only that, hackers reported 60,000 valid vulnerabilities in total, which means the hackers received $979 on average per single vulnerability. This data is enough to demonstrate the importance of these geeks in today’s world. Isn’t it?
Right now, for organizations that operate in the digital space, there’s no such thing as business-as-usual anymore, which means that business-as-usual security can no longer suffice. Security leaders are starting to ask some tough questions. If you’re facing resource constraints, how do you design software that’s secure from the start? How can you protect software applications as they move to the cloud? Is there a way to maintain brand trust and mitigate the risk of a breach with such a sharp increase in digital transactions? In answer to these questions, hacker-powered security has become a best practice for many organizations. Security and business leaders are learning that hackers aren’t just for tech companies: they are a critical part of any mature security strategy. Today’s challenges demand scalability, creativity, and adaptability on an unprecedented scale, and hackers are prepared to meet those demands.
The Fourth Annual Hacker-Powered Security Report offers an incisive look at today’s security landscape and the hackers who are pushing the envelope. The report clearly tells the story that’s happening every day - security leaders are partnering with hackers to make the internet a safer place. Companies that have bug bounty programs include big names such as Google, PayPal, AT&T, Costa Coffee, Line Corporation, and many more. According to the report, the United States remains the top payer of bounties, rewarding hackers $39,125,265 in the past year. Rewards paid by US organizations alone account for 87 percent of the total amount of bounties paid. The runner-up is Russia, which granted $887,236 in bounty rewards to hackers. Bonuses awarded by Russian companies make up two percent of the total bounty prizes awarded to hackers. Organizations from the UK round out the top three, with $559,251 paid to hackers as bounty rewards. Bounty rewards distributed by UK companies amount to a little over one percent of the total amount of bounties paid in the past 12 months. Four countries, Luxembourg, Dominican Republic, South Africa, and Samoa, paid bounties for the very first time over the last year.
When it comes to the hackers themselves, US hackers are leading the way. Together the US hackers earned $7,204,299, which accounts for 16 percent of the total amount of bounty winnings distributed over the last 12 months. Chinese hackers come in second, commanding $5,355,683. Bounty rewards received by Chinese hackers make up nearly 12 percent of all bounties paid in the past year. The Chinese hackers are closely followed by Indian hackers, who netted $4,401,251 in bounty winnings. Rewards collected by Indian hackers constitute close to one-tenth of the total amount of bug bounty rewards paid from May 2019 to April 2020. Other regions with hackers who collected over $1 million in bounty rewards include Russia ($3,083,973), Germany ($1,920,452), Canada ($1,653,313), United Kingdom ($1,430,886), France ($1,223,231), and Hong Kong ($1,040,347). Hackers from Benin, Comoros, Costa Rica, Gambia, Luxembourg, Malta, Oman, Paraguay, Senegal, the State of Palestine, Uganda, and Venezuela received rewards for the first time in the past year. “While bug bounty programs will not solve the cybersecurity talent shortage, organizations can still benefit significantly by outsourcing ethical hackers to identify weak spots in their security measures,” stated Rachel Welch, COO of Atlas VPN, sharing her thoughts on the topic.
Sectors and their dependency on Hackers
There is a huge discrepancy between the amounts of bug bounty rewards paid by different industries. The two highest-paying industries are the computer software and internet service sectors, while the bottom two are the local government and healthcare sectors. Companies in the computer software industry distributed the biggest share of bounty awards to hackers in the past 12 months. In total, such companies paid out $16,263,982 in bounty awards, which makes up more than 36 percent of the total awards paid. Next are companies in the internet and online service industry, which distributed $16,079,195 in bounty rewards to hackers over the past 12 months. Bounty rewards paid by the organizations in the internet and online service sector also account for nearly 36 percent of the total bounties awarded in the past year. Companies in the telecommunication industry occupy the third spot. Together they distributed $2,497,042 in bounty rewards, accounting for close to six percent of the total winnings from May 2019 to April 2020. Other industries paying more than $1 million in bounties to hackers include financial and insurance services ($2,286,351), media and entertainment ($1,826,974), as well as retail and e-commerce ($1,004,045).
Conclusion
Around the world, the hacker community has grown in size and sophistication. Nine hackers from seven different countries surpassed the $1 million (Rs. 7.3 crores) mark in the past year. Hundreds of thousands more use hacking to build valuable skills, advance their careers, earn extra money, challenge their curiosity, and hang out with like-minded individuals. As the complexity of security threats has multiplied, the need for ethical hackers and their significance across the world are rapidly growing. Adopting a driven approach and outlook towards security can help organizations shield their reputation effectively.