Introducing the 4th Annual Hacker-Powered Security Report
This is a time of unprecedented challenges. We face never-before- seen threats in the digital and physical worlds. If this past year has taught us anything, it is this: we need to leave behind our old tools, mindsets, and methods to create a path ahead.
But what does that path look like? In the physical world, COVID-19 is ravaging the international community. Negative externalities are flowing into the digital space, as well. This year, organizations across the globe have made unexpected changes to their operations. Businesses are figuring out how to contend with accelerated digital transformation and a surge in digital transaction volume. Many have had to expedite their decision to move to the cloud. Companies are hurrying to support hundreds or thousands of employees who are suddenly working remotely. To adapt to changing spending patterns, companies have launched new digital products and revenue streams, fighting to keep revenue flowing during a global recession.
In doing so, organizations are opening up new attack surfaces they are unprepared to protect. Protection efforts are left in the hands of security teams who are not staffed to cope. The result? Losses that can be measured in data, revenue, reputational damage, operational disruption, and churn.
For organizations that operate in the digital space, there’s no such thing as business-as-usual anymore— which means that business-as-usual security can no longer suffice. Security leaders are starting to ask some tough questions. If you’re facing resource constraints, how do you design software that’s secure from the start? How can you protect software applications as they move to the cloud? How do you scale security on a constantly-evolving attack surface? Is there a way to maintain brand trust and mitigate risk of a breach with such a sharp increase in digital transactions? And with everything else on fire, what about the nuts-and-bolts of compliance and regulations?
The answer is hackers.
For years, organizations have turned to hackers to look for vulnerabilities before bad actors can exploit them. Quite simply, hackers are people who enjoy the challenge of creatively overcoming limitations. But they’re much more than that.
Hacker-powered security has become a best practice for many organizations, embraced by risk-conscious entities like the U.S. Department of Defense and Goldman Sachs. Security and business leaders are learning that hackers aren’t just for tech companies: they are a critical part of any mature security strategy. Today’s challenges demand scalability, creativity, and adaptability on an unprecedented scale, and hackers are prepared to meet those demands.
The Fourth Annual Hacker-Powered Security Report offers an incisive look at today’s security landscape and the hackers who are pushing the envelope.
This report tells a story that’s happening every day: security leaders are partnering with hackers to make the internet a safer place. CISOs are augmenting security frameworks with hackers’ human creativity and always-on security efforts. New options and continued deployment have propelled all global regions to double digit year-over-year program growth, with Asia-Pacific (APAC) adding 93% more programs and Latin and South America (LATAM) adding 29%. Combined, all global programs awarded 87% more bounties year-over-year.
Around the world, the hacker community has grown in size and sophistication. 9 hackers (from 7 different countries!) surpassed the $1 million / €850,000 / ¥7 million mark in the past year. Hundreds of thousands more use hacking to build valuable skills, advance their career, earn extra money, challenge their curiosity, and hang out with like-minded individuals.
Against a backdrop of unparalleled obstacles, security leaders have gained newfound appreciation for hacker- powered security as a nimble, scalable, and cost- effective solution. During global lockdowns, hackers reported 28% more vulnerabilities per month than immediately before the pandemic took hold. For many researchers, hacking has become a reliable source of supplemental income during the pandemic.
Even before the pandemic, hackers were devoting their time and skills to make the world a better place. The altruistic attitude sparked Hack for Good, a HackerOne program that provides an easy way to donate bounty earnings to a worthy cause. The World Health Organization, the first cause chosen by the hacker community this past spring, received $30,000 in donations from hackers to help fight the COVID-19 pandemic.
In this report, we’ll explore these trends and their ramifications for businesses and consumers worldwide. The short version: security has become synonymous with hacking. The future belongs to hackers and the organizations that embrace them. And that future starts right here.