“There are two types of companies, those that have been hacked and those that have been hacked but don’t know it.”
Hacking is a lucrative industry and hackers – good and bad – are constantly looking at creative ways to hack into anything accessible on the Internet. In this quick guide, Johanna Ydergård, Head of Crowdsource @ Detectify, takes us into the mind of a hacker and shares how you can secure your company and users because a firewall just isn’t enough.
Keep in mind that hackers rarely target just one company; much of the attacking is automated and hits whatever is reachable on the Internet. Company size doesn’t matter, but how the organization chooses to handle a breach does.
Johanna believes there will always be more security expertise outside a company than inside it. That’s where ethical hackers come in: with your permission, they break into your network or platform to test and evaluate its security, rather than doing so with malicious intent.
“This type of security knowledge is concentrated to a few people,” Ydergård said. “There’s a definite shortage of people with cybersecurity skills, and that shortage will climb to 1.8 million by 2022.”
So while big unicorns like Uber or Airbnb can attract ethical hackers on the strength of their brand, smaller startups can have trouble finding them, given that shortage.
Here are Johanna’s three ways your company can work with ethical hackers, in a relatively easy and inexpensive way that resembles what unicorn companies do.
#1 Have a responsible disclosure policy as the bare minimum
Give hackers a way to report bugs to you without legal worries. If an ethical hacker finds something, they will want a clear signal from you that the report is welcome. You should certainly know about your software’s vulnerabilities before your customers do.
An ethical hacker also needs guidelines on what is in scope and what they may and may not touch. By giving them a safe harbor through a responsible disclosure policy, they understand there will be no undue penalties for handing you the information they found while testing your platform. Publish the policy and a security contact address somewhere hackers will look for them.
#2 Automate Away
Hackers love automation, and we should, too. It helps to think like a hacker to catch widely applicable bugs: hackers cast big nets and go after old issues a company had and never fixed, or platforms that haven’t been kept up to date. Companies of all sizes should keep up to speed, test their code as it ships, and make the necessary changes before problems arise.
#3 Reward Them
Johanna suggests incentivizing ethical hackers to break into your system and report what they find. She said Detectify runs a bug bounty program that awards t-shirts, stickers, and even cash, depending on the severity of the bugs found.
“But this sort of thing is a good future step,” Ydergård said. She said not to start one unless you are ready to respond quickly to hacker reports and can fix things within a reasonable amount of time; otherwise, it can become overwhelming.
“Technical unicorns all do this,” Ydergård said. “Make hackers your allies, too. Invite them in and leverage their knowledge to bring safer products to market.”
Johanna Ydergård is Head of Crowdsourcing at Detectify. The company is a SaaS-based website security service founded by a group of ethical hackers to provide vulnerability scanning for companies of all sizes.