Ethical hackers help organizations avoid cyber incidents
Ethical hacking company HackerOne has announced that its ethical hacker community has surpassed $300 million in total all-time rewards on the HackerOne platform.
The company's 2023 Hacker-Powered Security Report also shows 30 hackers have earned more than a million dollars on the platform, with one hacker surpassing four million dollars in total earnings.
Hackers continue to experiment with GenAI, with 61 percent saying they will use and develop hacking tools from GenAI to find more vulnerabilities and another 62 percent planning to specialise in the OWASP Top 10 for Large Language Models. Hackers also say they plan to use GenAI to write better reports (66 percent) or code (53 percent) and reduce language barriers (33 percent).
Insufficient in-house talent and expertise are seen as the top challenge for organizations, and hackers are filling this gap. 70 percent of HackerOne customers say hacker efforts have helped them avoid a significant cyber incident.
The report also finds that 57 percent of HackerOne customers believe exploited vulnerabilities are the greatest threat to their organizations, followed by phishing (22 percent), insider threats (12 percent), and nation-state actors (10 percent).
Customers are getting faster at fixing vulnerabilities, as the average platform-wide remediation time dropped by 10 days in 2023. Automotive, media and entertainment, and government sectors have seen the biggest decrease in time to remediation with a more than 50 percent improvement.
Organizations are also reducing costs by embracing human-centered security testing earlier in their software development lifecycles, with customers saving an estimated $18,000 from security experts reviewing their code before release.
"Organizations are under pressure to adopt GenAI to stay ahead of competitors, which, in turn, is transforming the threat landscape. If you want to remain proactive about new threats, you need to learn from the experts in the trenches: hackers," says Chris Evans, HackerOne CISO and chief hacking officer. "The Hacker-Powered Security Report makes clear that hackers are actively growing their skillsets to meet emerging threats. The versatility of hackers and the impact of the vulnerabilities they surface make them instrumental to how our customers anticipate and address risk."
The full 2023 Hacker-Powered Security Report is available from the HackerOne site.
Image credit: nialowwa/depositphotos.com