SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Embracing ethical hackers could strengthen cybersecurity, says HackerOne report
Fri, 27th Oct 2023

Cybersecurity could be significantly enhanced if organisations embraced ethical hackers as a part of their strategies, potentially averting major attacks such as those witnessed by the Royal Mail, Capita, and the UK Electoral Data Commission.

This argument is underscored by the latest Hacker-Powered Security Report 2023 released by HackerOne, which reveals that hackers helped 70% of organisations avoid significant cyber incidents.

The HackerOne report, now in its seventh year, surveyed 2,000 customers and hackers to offer deeper insights into the present state of cybersecurity and the incorporation of Generative AI (GenAI) in hacking endeavours.

One key insight that emerged is the appetite for ethical hackers. 57% of HackerOne clients identify exploited vulnerabilities as the primary threat to their organisations, surpassing phishing (22%), insider threats (12%) and state-led actors (10%).

The report found that 96% of HackerOne customers believe they are better placed to ward off cyber attacks by accepting vulnerability reports from third parties. Yet the report noted that companies continue to harbour trust issues towards ethical hackers.

The HackerOne report also documented hackers' growing earnings. Its ethical hacking community has exceeded $300 million in total lifetime earnings, it revealed.

Furthermore, thirty hackers have individually earned more than one million dollars on the platform, with one hacker outdoing the rest by amassing four million dollars in total earnings.

As technology evolves, hackers are diversifying their skill sets to stay ahead, according to the report findings. GenAI is anticipated to emerge as a top target, with 55% of hackers planning to focus on it in the upcoming years.

New opportunities on the employment front are also evolving for hackers. For instance, 'Pentesting' and 'Secure Code Review', shorthand for penetration testing and reviewing code for security flaws, have expanded total payouts. Such operations experienced a 54% surge on the HackerOne platform in 2023.

Speaking on the findings, Chris Evans, HackerOne CISO and Chief Hacking Officer, said, "Organisations are under pressure to adopt GenAI to stay ahead of competitors, which, in turn, is transforming the threat landscape. If you want to remain proactive about new threats, you need to learn from the experts in the trenches: hackers."

The annual Hacker-Powered Security Report draws on data from a large database of vulnerabilities and customer programs from HackerOne, capturing the perspectives of its customers and over 2,000 hackers on its platform.

HackerOne's Attack Resistance Platform blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to reduce threat exposure.