Crowdsourced Bug Bounty Programs Help EU Firms Beat Hackers at Their Own Game

Cyberthreats have heightened in the wake of the pandemic, and fraudsters are getting more sophisticated by the day, creating countless threats and vulnerabilities that require businesses to stay on top of their game to safeguard their data and systems from attackers.

Of all the solutions companies could explore, it may seem counterintuitive to include voluntarily hacking themselves on the list. However, Inti De Ceukelaire, head of hackers at cybersecurity firm Intigriti, said firms that have gone through consultancy checks and many certifications have had to come to terms with the painful reality of how vulnerable their systems are to attacks.

“They come to us and tell us, ‘You can test us, we’re not afraid,’” De Ceukelaire told PYMNTS in an interview, adding that it doesn’t take long for that confidence to drop. “In more than 70% of all cases, a high to critical vulnerability is detected within 48 hours.”

This sudden realization of their exposure to threats has given the Brussels-based firm an opportunity to help clients beat cybercriminals at their own game, working with its community of about 50,000 ethical hackers. These hackers work to uncover unknown yet potentially harmful vulnerabilities in their systems — a testing approach known as a crowdsourced bug bounty program.

Launched in 2016, the crowdsourced security platform recently announced a $22.4 million Series B raise — a significant amount that, according to the firm’s CEO Stijn Jans, validates their business and shows that there is growing demand for their service in the market.


For De Ceukelaire, it’s on an even more personal level.

“I’ve been an ethical hacker for over 10 years now and initially, my desire to help companies wasn’t always appreciated — [that is why] I think [this shift in mindset] is a beautiful thing,” he said, adding that “10 years ago, this job was illegal in some countries, but today, it’s a full-time job [for many individuals].”

Hacking Is Here to Stay

As much as businesses are warming up to the idea of allowing their systems to be hacked, De Ceukelaire said it is still important to reassure new clients that there will be no exposure to malicious hackers.

“The first exercise we do is to look at the scope of the attack surface and all the different ways that hackers can get in. Then we try to see how we can test for all of these things with a group of crowd members without disrupting any of their business,” he explained, adding that by starting small and privately, clients’ business operations are not disrupted and trust is built.

For ethical hackers, the first person who finds and reports a vulnerability is the one that gets paid, a strategy — “the power of the crowd” — that keeps hackers motivated to keep finding issues that a single consultant or a small team would have easily missed, De Ceukelaire noted.

It’s also proof that with human creativity, it is possible to beat any machine or technology, and that is the reason why he disagrees with solutions that seek to bypass ethical hackers and fully automate the cyber defense process.

“Hacking is one of the oldest jobs [to exist]. People don’t need a computer to hack, they have been cheating and bypassing rules for [as long as we can remember] and it will continue to exist for many, many years [to come],” De Ceukelaire argued.

 
