Top C-suite executives from the likes of Airbnb, PayPal and Spotify have recently revealed they have willingly spent more than $50m (£38m) on ethical hackers to tighten up their cyber defences and avoid expensive and disastrous data breaches. Whilst it may seem unreasonable to hire hackers, a growing number of high-profile businesses are now turning to ethical hackers to hack into their organisation, spot vulnerabilities and test how robust their security systems are.
Expert Comments:
David Warburton, Senior Threat Evangelist at F5 Networks:
“While it may sound counter-intuitive to make use of hackers to help plan and test our cyber defences, the one thing they have in abundance is valuable, hands-on experience. As such, it’s great to see companies like Airbnb, Spotify and PayPal realising the significant benefits of working with ethical hackers.
“Security architects have a wealth of knowledge on industry best practice, but what is often lacking is first-hand experience of how attackers perform reconnaissance, chain together multiple attacks and gain access to corporate networks. Application defenders need to consider every single possible angle of an attack. With technology and vulnerabilities constantly evolving, it’s a never-ending mission with no tangible finish line. This is where employing ethical hackers can be beneficial. Ethical hackers and ex-cybercriminals can bring invaluable, real-world knowledge to a range of security activities, including threat modelling and penetration testing. They may offer a perspective that others haven’t considered and can show businesses how to adapt to threats by giving insight into their tactics and motivations.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.