{"id":6338,"date":"2022-09-13T14:09:11","date_gmt":"2022-09-13T14:09:11","guid":{"rendered":"https:\/\/fintech.global\/cybertech100\/?p=6338"},"modified":"2022-09-16T15:15:20","modified_gmt":"2022-09-16T15:15:20","slug":"how-ethical-hackers-can-help-fintechs-fight-cybercrime","status":"publish","type":"post","link":"https:\/\/fintech.global\/cybertech100\/how-ethical-hackers-can-help-fintechs-fight-cybercrime\/","title":{"rendered":"How ethical hackers can help FinTech companies fight cybercrime"},"content":{"rendered":"\r\n<p><strong>The threat from cybercrime has never been greater. As a result, corporations and governments are increasingly turning to hackers, i.e. white hats, for help with the promise of cash rewards known as bug bounties. And experts suggest that it\u2019s the best way to boost cybersecurity.<\/strong><\/p>\r\n<p>Google the word \u2018hacker\u2019 and most images seen on the front page are those of a sinister individual in a black hoodie portrayed as the most dangerous criminal in the digital world. However, as the old adage goes, \u2018it takes one to know one\u2019. Ethical hackers have now become a valuable part of the\u00a0cybersecurity\u00a0battlefield. As companies race to push out software without thoroughly vetting it for security flaws, reliance upon the hacker community to find and report these security holes has become an increasingly vital component of software development.<\/p>\r\n<p>With cybercriminals constantly exploring new attack methods, continuous security testing is fundamental to stay on top of threats. And seeking help from experts outside a company\u2019s IT department, such as hackers and researchers, has become quite common among cybersecurity companies. 
As Detectify Crowdsource community manager, Carolin Solsk\u00e4r said, \u201cHaving a hacker\u2019s approach to security testing software [can] help avoid pitfalls commonly exploited by hackers.\u201d<\/p>\r\n<p>As a result, bug bounty programs have become an effective way to find a much larger number of vulnerabilities and uncover bugs unknown to the public than an internal security team can do on their own. Companies get access to a global audience of skilled ethical hackers and can increase the chance of finding weaknesses within the applications before they are exploited by attackers. Bug bounties leverage crowdsourcing to report security exploits and vulnerabilities by incentivising white hat hackers who discover and facilitate the development of bug fixes before being exploited by cybercriminals. CSS head of cyber IT services E.J Yerzak said, \u201cBug bounties are reshaping the cybersecurity landscape, proving that just about anything can be crowdsourced nowadays.\u201d<\/p>\r\n<p>While bug bounties were controversial at first \u2013\u00a0since they reward hackers \u2013 they have now become increasingly formalised programmes. In fact, big organisations such as\u00a0<a href=\"https:\/\/www.google.com\/about\/appsecurity\/reward-program\/\">Google<\/a>,\u00a0Goldman Sachs\u00a0and the US Department of Defense are already using bug bounty programmes as a way to bolster better security. For instance, in 2020,\u00a0Google paid out $6.7m with its average bug rewards ranging from $100 to $31,337. In addition,\u00a0<a href=\"https:\/\/msrc-blog.microsoft.com\/2021\/07\/08\/microsoft-bug-bounty-programs-year-in-review-13-6m-in-rewards\/\">Microsoft<\/a>\u00a0shelled out $13.7m to bug bounty hunters and Facebook paid $1.1m to researchers for reporting bugs on its platforms. 
Apple too\u00a0announced a reward\u00a0of $200,000 for a flaw in the iOS secure boot firmware components.<\/p>\r\n<p>According to Yerzak, \u201cBug bounty programmes first emerged as a way for companies to compensate ethical hackers and security researchers for finding vulnerabilities that can be exploited. For the bug hunters, the payday complements the bragging rights which accompany a successful find.\u201d In fact, payments to hackers for finding bugs increased 83% in 2019 and 26% in 2020 with some bounties surpassing $10,000,\u00a0<a href=\"https:\/\/www.bugcrowd.com\/blog\/all-you-need-to-know-bug-bounty-testing-environments\/\">according to bugcrowd.com<\/a>.<\/p>\r\n<p><strong>Penetration testing vs bug bounty hunters<\/strong><\/p>\r\n<p>The evolving sector of cybersecurity has shown that there is no single method for detecting vulnerabilities. From pen testing and fingerprinting to external attack surface monitoring and port scanning, there are a host of methods that companies can use to identify potential anomalies. In a typical software development lifecycle, testing for vulnerabilities is conducted by a team who puts an application through the paces of a standardised set of tests. For instance, web penetration testing is a process of testing a system\u2019s security through simulated cyberattacks, using the same techniques as an attacker might. However, according to KYND CMO Melanie Hayes, \u201cits scope is limited as the services are paid for to look at specific areas or systems.\u201d Comparatively, bug bounty programs are broader in scope and can cover a larger swathe of areas. To ensure complete digital security, companies which subject their applications to regular penetration testing can also supplement that scheduled testing with a bug bounty program to leverage the masses to continually subject the application to potentially different methods and tactics. 
\u201cWhere this truly shines is the element of crowdsourcing as it is open to all eligible participants, rather than a single organisation or contractor, which can lead to more reported bugs in a shorter period of time,\u201d she continued.<\/p>\r\n<p>Echoing a similar sentiment, Solsk\u00e4r detailed that while pentests can give an in-depth view of a system\u2019s weaknesses and vulnerabilities, they only offer a snapshot of the issues as the testing is not continuous. \u201cBug bounty programs, on the other hand, are a way for companies to get freelance ethical hackers to continuously find and report software vulnerabilities in their systems,\u201d she added. Detailing the process, she said ethical hackers begin at the reconnaissance stage, where information is gathered to understand how a piece of software or a website works \u2018behind the scenes.\u2019 They then use automated tools and processes to find weaknesses in the system or process. \u201cIf you know a website runs on WordPress, then you would definitely search for WordPress vulnerabilities and misconfigurations,\u201d she continued. The next step is to perform fuzzing, which means providing invalid, unexpected or random inputs to URL parameters to see how the input is reflected in the application. \u201cBased on the result, you can get an idea of where there might be security weaknesses and vulnerabilities, and look into those areas more in detail,\u201d she explained.<\/p>\r\n<p>Moreover, running a bug bounty programme might prove to be a more economical option for companies as they only pay when certain vulnerabilities are discovered. 
Yerzak said, \u201cCompanies do not have unlimited budgets to spend on preventative testing of their applications, in which payment is rendered regardless of whether the testing finds any issues or not.\u201d<\/p>\r\n<p>However, according to Solsk\u00e4r, managing a bug bounty program can quickly become an overwhelming task for organisations. \u201cBefore setting up a vulnerability disclosure program you need to have a proper internal process in place for handling the bugs and communicating with the hackers,\u201d she said. \u201cWith cyber threats climbing the agenda for companies across industries, there is also more competition for the hackers\u2019 expertise. For a bug bounty program to be successful today, companies need to pay competitively to motivate hackers.\u201d<\/p>\r\n<p>Another challenge with bug bounties is that they indiscriminately attract the attention of both blackhat and whitehat hackers. Yerzak said, \u201cThe benefits of a crowdsourced set of testing methods are partially offset by the risk of releasing software to the public before it has been adequately tested internally, because a significant vulnerability may be discovered by a black hat hacker and exploited before it ends up being reported by an ethical hacker.\u201d<\/p>\r\n<p><strong>Future lies in the hands of hackers<\/strong><\/p>\r\n<p>Bug bounty programmes have been in use since the mid-nineties, so they\u2019re hardly a new concept, but\u00a0with cyberattacks soaring in the past few years they\u2019ve grown in popularity. Clearly, the need for a robust digital security system is higher than ever. 
FinTech companies, in particular, saw a critical need for crowdsourced security due to the new challenges created by the pandemic and an increase in the activity of fraudsters trying to take advantage of compromised systems.\u00a0According to Bugcrowd\u2019s\u00a0<a href=\"https:\/\/www.bugcrowd.com\/resources\/reports\/priority-one-report\/\">Priority One<\/a>\u00a0report, FinTech firms doubled their payouts for critical security vulnerabilities from Q1 of 2020 to Q2.\u00a0<a href=\"https:\/\/member.fintech.global\/2021\/08\/04\/debunking-the-cybersecurity-myths-putting-your-business-at-risk\/\">With financial service providers being entrusted with personally identifiable information, the demand for cybersecurity continues to escalate<\/a>, making it a top priority for companies to beef up their cyber defences. It is therefore unsurprising to see several cybersecurity companies rake in millions in capital. In Q1\u00a02021, the CyberTech sector saw $4.1bn being pumped in driven by 17 deals of $100m or more, compared to just three such transactions recorded in Q1 2020,\u00a0<a href=\"https:\/\/member.fintech.global\/2021\/06\/09\/cybertech-investment-activity-set-a-record-pace-in-q1-2021-lifted-by-large-deals-in-the-us\/\">according to FinTech Global\u2019s research<\/a>. To add on, the list of <a href=\"https:\/\/member.fintech.global\/2021\/07\/30\/here-are-the-top-26-cybertech-unicorns-you-should-know-about-cybertech\/\">CyberTech unicorns is growing rapidly<\/a>\u00a0with ten new startups joining the billion-dollar club in 2021.<\/p>\r\n<p>According to Solsk\u00e4r, ethical hackers are undoubtedly becoming the cyber soldiers for companies in all sectors. She said, \u201cBy leveraging automation and building their own tools, bug bounty hunters can find vulnerabilities with low effort. 
With many organisations struggling to find cyber security talent, bug bounty programs can be a cost-efficient solution to improve the security posture.\u201d<\/p>\r\n<p>Looking ahead, Solsk\u00e4r believes that there will be a proliferation of more platforms capitalising on bug bounty programmes. She said, \u201cWe\u2019re still in the beginning of this, and we will see bug bounties evolving a lot in the next couple of years. There will be more third-party solutions where businesses can set up and manage their own bug bounty programs more easily.\u201d<\/p>\r\n<p>Yerzak believes bug bounty hunters will disrupt the security sector and more companies will start using the power of the crowd to get access to critical bug research. He concluded, \u201cBug bounty programmes have changed the cybersecurity sector by leveraging a potentially limitless source of hopeful testers to find flaws in an application \u2013 sometimes at the expense of more thorough testing in-house before the application goes live.\u201d<\/p>\r\n\r\n\r\n\r\n<p>This article originally appeared on the <a href=\"https:\/\/member.fintech.global\/\">FinTech Global<\/a> website. <a href=\"https:\/\/member.fintech.global\/newsletter\/\">Sign up<\/a> to our newsletters to receive regular updates.<\/p>\r\n","protected":false},"excerpt":{"rendered":"<p>The threat from cybercrime has never been greater. As a result, corporations and governments are increasingly turning to hackers i.e. white hats for help with the promise of cash rewards known as bug bounties. And experts suggest that it\u2019s the best way to boost cybersecurity. 
Google the word \u2018hacker\u2019 and most images seen on the [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":6373,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[50,52],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.6.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How ethical hackers can help FinTech companies fight cybercrime - CyberTech100<\/title>\n<meta name=\"description\" content=\"The threat from cybercrime has never been greater. As a result, corporations and governments are increasingly turning to hackers.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/fintech.global\/cybertech100\/how-ethical-hackers-can-help-fintechs-fight-cybercrime\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How ethical hackers can help FinTech companies fight cybercrime - CyberTech100\" \/>\n<meta property=\"og:description\" content=\"The threat from cybercrime has never been greater. 
As a result, corporations and governments are increasingly turning to hackers.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/fintech.global\/cybertech100\/how-ethical-hackers-can-help-fintechs-fight-cybercrime\/\" \/>\n<meta property=\"og:site_name\" content=\"CyberTech100\" \/>\n<meta property=\"article:published_time\" content=\"2022-09-13T14:09:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-09-16T15:15:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/fintech.global\/cybertech100\/wp-content\/uploads\/2022\/09\/chaozzy-lin-ZVKuMg9bmBU-unsplash-696x464-1.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"696\" \/>\n\t<meta property=\"og:image:height\" content=\"464\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"editorial\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"editorial\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/fintech.global\/cybertech100\/how-ethical-hackers-can-help-fintechs-fight-cybercrime\/\",\"url\":\"https:\/\/fintech.global\/cybertech100\/how-ethical-hackers-can-help-fintechs-fight-cybercrime\/\",\"name\":\"How ethical hackers can help FinTech companies fight cybercrime - CyberTech100\",\"isPartOf\":{\"@id\":\"https:\/\/fintech.global\/cybertech100\/#website\"},\"datePublished\":\"2022-09-13T14:09:11+00:00\",\"dateModified\":\"2022-09-16T15:15:20+00:00\",\"author\":{\"@id\":\"https:\/\/fintech.global\/cybertech100\/#\/schema\/person\/700e93a9f1ec1d00f1b7baf07636829d\"},\"description\":\"The threat from cybercrime has never been greater. 
As a result, corporations and governments are increasingly turning to hackers.\",\"breadcrumb\":{\"@id\":\"https:\/\/fintech.global\/cybertech100\/how-ethical-hackers-can-help-fintechs-fight-cybercrime\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/fintech.global\/cybertech100\/how-ethical-hackers-can-help-fintechs-fight-cybercrime\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/fintech.global\/cybertech100\/how-ethical-hackers-can-help-fintechs-fight-cybercrime\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/fintech.global\/cybertech100\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How ethical hackers can help FinTech companies fight cybercrime\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/fintech.global\/cybertech100\/#website\",\"url\":\"https:\/\/fintech.global\/cybertech100\/\",\"name\":\"CyberTech100\",\"description\":\"The world\u2019s most innovative CyberTech companies that every financial institution needs to know about\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/fintech.global\/cybertech100\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/fintech.global\/cybertech100\/#\/schema\/person\/700e93a9f1ec1d00f1b7baf07636829d\",\"name\":\"editorial\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/fintech.global\/cybertech100\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e25caf13ff74e4ec69c5895b17b6b1e0?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e25caf13ff74e4ec69c5895b17b6b1e0?s=96&d=mm&r=g\",\"caption\":\"editorial\"},\"url\":\"https:\/\/fintech.global\/cybertech100\/author\/editorial\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"How ethical hackers can help FinTech companies fight cybercrime - CyberTech100","description":"The threat from cybercrime has never been greater. As a result, corporations and governments are increasingly turning to hackers.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/fintech.global\/cybertech100\/how-ethical-hackers-can-help-fintechs-fight-cybercrime\/","og_locale":"en_US","og_type":"article","og_title":"How ethical hackers can help FinTech companies fight cybercrime - CyberTech100","og_description":"The threat from cybercrime has never been greater. As a result, corporations and governments are increasingly turning to hackers.","og_url":"https:\/\/fintech.global\/cybertech100\/how-ethical-hackers-can-help-fintechs-fight-cybercrime\/","og_site_name":"CyberTech100","article_published_time":"2022-09-13T14:09:11+00:00","article_modified_time":"2022-09-16T15:15:20+00:00","og_image":[{"width":696,"height":464,"url":"https:\/\/fintech.global\/cybertech100\/wp-content\/uploads\/2022\/09\/chaozzy-lin-ZVKuMg9bmBU-unsplash-696x464-1.jpeg","type":"image\/jpeg"}],"author":"editorial","twitter_card":"summary_large_image","twitter_misc":{"Written by":"editorial","Est. 
reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/fintech.global\/cybertech100\/how-ethical-hackers-can-help-fintechs-fight-cybercrime\/","url":"https:\/\/fintech.global\/cybertech100\/how-ethical-hackers-can-help-fintechs-fight-cybercrime\/","name":"How ethical hackers can help FinTech companies fight cybercrime - CyberTech100","isPartOf":{"@id":"https:\/\/fintech.global\/cybertech100\/#website"},"datePublished":"2022-09-13T14:09:11+00:00","dateModified":"2022-09-16T15:15:20+00:00","author":{"@id":"https:\/\/fintech.global\/cybertech100\/#\/schema\/person\/700e93a9f1ec1d00f1b7baf07636829d"},"description":"The threat from cybercrime has never been greater. As a result, corporations and governments are increasingly turning to hackers.","breadcrumb":{"@id":"https:\/\/fintech.global\/cybertech100\/how-ethical-hackers-can-help-fintechs-fight-cybercrime\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/fintech.global\/cybertech100\/how-ethical-hackers-can-help-fintechs-fight-cybercrime\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/fintech.global\/cybertech100\/how-ethical-hackers-can-help-fintechs-fight-cybercrime\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/fintech.global\/cybertech100\/"},{"@type":"ListItem","position":2,"name":"How ethical hackers can help FinTech companies fight cybercrime"}]},{"@type":"WebSite","@id":"https:\/\/fintech.global\/cybertech100\/#website","url":"https:\/\/fintech.global\/cybertech100\/","name":"CyberTech100","description":"The world\u2019s most innovative CyberTech companies that every financial institution needs to know about","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/fintech.global\/cybertech100\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/fintech.global\/cybertech100\/#\/schema\/person\/700e93a9f1ec1d00f1b7baf07636829d","name":"editorial","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/fintech.global\/cybertech100\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e25caf13ff74e4ec69c5895b17b6b1e0?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e25caf13ff74e4ec69c5895b17b6b1e0?s=96&d=mm&r=g","caption":"editorial"},"url":"https:\/\/fintech.global\/cybertech100\/author\/editorial\/"}]}},"_links":{"self":[{"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/posts\/6338"}],"collection":[{"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/comments?post=6338"}],"version-history":[{"count":5,"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/posts\/6338\/revisions"}],"predecessor-version":[{"id":6374,"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/posts\/6338\/revisions\/6374"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/media\/6373"}],"wp:attachment":[{"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/media?parent=6338"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/categories?post=6338"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/tags?post=6338"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}