AI alone isn't enough to thwart cyberattacks
Crowdsourced security platform Bugcrowd has released a new report which shows that 78 percent of hackers on its site say AI-powered cybersecurity solutions alone aren’t enough to outmaneuver cyber attacks over the next decade.
The 2020 Inside the Mind of a Hacker report also reveals that 87 percent say that scanners can’t find as many critical or unknown assets as humans.
It shows hackers working on the Bugcrowd platform prevented $8.9 billion worth of cybercrime in 2019 and earned 38 percent more than they did in the previous period. In the next five years, hackers on the Bugcrowd platform are projected to prevent more than $55 billion in cybercrime for organizations worldwide.
"Globally-distributed good-faith hackers are increasing in number and diversifying. Bugcrowd gives organizations the power to proactively leverage human ingenuity -- the enabler of malicious cyberattacks -- at-scale to prevent them," says Casey Ellis, founder, chairman, and CTO of Bugcrowd. "While AI has a role to play in helping to reduce cyber risk, companies need to integrate crowdsourced security throughout their security lifecycle if they hope to outsmart and outmaneuver cybercriminals."
The report analyzes responses from almost 3,500 hackers working in the Bugcrowd platform and finds that it’s a role attractive to the younger generation with 53 percent of hackers under the age of 24. Hackers live in more than 100 countries worldwide. Most notably, the report identifies an 83 percent growth in respondents living in India and nearly three out of four hackers (73 percent) speak two or more languages.
There's also a strong social responsibility trend among businesses and hackers. 93 percent say they primarily hack out of care for the well-being of the organizations with which they work. Additionally, organizations made five-times the number of coordinated disclosures in the last twelve months.
"Hackers will always be one step ahead of AI when it comes to cybersecurity because humans are not confined by the logical limitations of machine intelligence," says Jasmin Landry, top-ranked Bugcrowd hacker. "For example, hackers can adapt four to five low-impact bugs to exploit a single high-impact attack vector that AI would likely miss without the creative flexibility of human decision-making. Experience allows hackers to recognize vulnerable misconfigurations that represent a true risk to organizations without all of the false positives that typically come with AI-powered solutions."
The full report is available on the Bugcrowd site.