Modern cyber security: ethical hacking and bug bounties

As technology advances and the world marches closer to the Internet of Things, times have never been more profitable for hackers. Previously lumbered with the stereotype of sitting at home, in their pyjamas, ordering pizza and engaging in geeky banter on chat rooms – hackers are now sought after by the biggest companies.

Companies who’ve never had to think about online security before are concerned about the quality of their defences. For example, NewsLetter found a hacker who was able to hack into his school system to see the list of donors for its ongoing regeneration program. He also managed to jump through a series of programs for one company he was working for, and managed to turn of the heating in their chicken coop 300 miles away. Schools and chicken coops didn’t used to have to worry about hackers, and as more companies now do more security teams are goint to be required.

The Centre for Cyber Safety and Education predicts that by 2022, the global economy will be short of 1.8 million skilled security workers. And I think this may even be a low estimate – firstly, only recently has this kind of work involved any formal training; for the most part hacking has involved informal training almost by definition. Secondly, these are people who like to break things; there might be a small part in all of us that enjoys the idea of breaking things – but generally people go for making things instead. And finally, hackers don’t operate in the job market as people usually would, they’re deliberately elusive.

So big companies initially found it hard to find and get the attention of hackers. But they’ve found a way to bring them out of the woodwork with “bug-bounties”, cash rewards for being able to identify flaws in their security. HackerOne, who handle these kind of programs, told Reuters they’d paid out $18.8 million in the past 3 years to fix bugs, of which about half was in the last year alone.

The lure of being able to ply the craft you love without morals or the FBI getting in the way is proving to be big business. Microsoft will pay up to $250,000 in their bug bounty program. But it’s not just about cash, hackers still thrive on the reputation gained for uncovering a well hidden and well defended flaw. And they don’t even have to hang around to fix the bugs, the company running the program then needs to pick up the holes identified and fix them.

You’ve got to give it to the hackers, they haven’t been forced into a hole or undermined by “the establishment”. Rather, they’ve managed to bend everyone else to their way of working.