Crowdsourcing – garnering input or support for a venture from a large number of people via the internet – has become an everyday practice, and the most common variety is the crowdfunding campaign.
According to the popular platform GoFundMe, more than 10,000 people start a GoFundMe campaign each day – a statistic that explains the site’s claim to have raised more than $5 billion since its 2010 launch. Such campaigns are well and good for individuals and businesses looking to raise money to get new products off the ground or muster support for a pet cause, but would you trust crowdsourcing as a means to improve the security of your network and enterprise systems?
Quite a few of the world’s largest high-tech vendors do just that, and the smart money suggests that hundreds of organisations are set to follow suit. Offering financial rewards or “bug bounties” to hackers who can find a weakness in your cybersecurity bulwark can be a fast and cost-effective way for organisations to strengthen their defences before trouble strikes for real.
The chance of real trouble is rising. A study by A.T. Kearney discovered that Southeast Asian countries are being used as launchpads for cyberattacks, both as vulnerable hotbeds of unsecured infrastructure where numerous endpoints can be targeted for large-scale attacks and as bases for a single point of attack to gain access to the hubs’ global links. The study also found that cybersecurity issues could cripple Southeast Asia’s digital innovation agenda – an essential pillar for the region’s success in the digital economy – with the top thousand companies in the region potentially losing $750 billion in market capitalisation.
Large organisations – those with more than 500 employees – may incur losses as high as $35.9 million in the form of direct, indirect and induced costs should a significant breach occur.
Many eyes make for safer systems
A crowdsourcing cybersecurity initiative is not a complete safety solution, but it can be an excellent way to test the efficacy of the measures you’ve already put in place. It’s not a matter of throwing down the gauntlet to random, faceless hackers with dubious intentions. Companies can engage with the cybersecurity equivalent of GoFundMe: established platforms whose verified security researcher members can opt in to challenges as they’re posted. Popular platforms include HackerOne and Bugcrowd.
Here are some reasons why it makes sense to open your enterprise security infrastructure up to the crowd.
Scarce resources on demand
If you’re a Southeast Asian organisation looking to beef up your internal cybersecurity team, then good luck with that. The dearth of skilled cybersecurity professionals constitutes a global impediment: the United States’ Information Systems Audit and Control Association (ISACA) declared a worldwide shortage of over two million professionals by 2019.
Malaysia requires 10,000 cybersecurity professionals by 2020, but unfortunately the Southeast Asian nation had only amassed 6,000 professionals in 2018. Other nations in the region are taking necessary steps to plug the skills gap, with Singapore announcing in 2018 that it would form a cyber defence vocation that will lead to a 2,600-strong force of cybersecurity professionals, under the ambit of the Singapore Armed Forces.
Security crowdsourcing can provide access to a smorgasbord of specialised skills that would be expensive and difficult to access on the open market. Better still, they’re available on a no-win, no-fee basis, as companies only pay bounties when bugs are detected. That makes it a cost-effective means of augmenting existing resources.
A headline-hitting breach or security outage has the potential to be a long-term reputation wrecker. Consumers fret about the fallout should their data fall into hackers’ hands and wonder whether the company in question is committed to ensuring it doesn’t happen again. Commencing a crowdsourcing security initiative can be one way to demonstrate you’re taking the issue seriously and are willing to explore new measures to bolster your defences.
Keeping up with the company next door
If there’s one thing hackers and cybercriminals like, it’s easy access. Keeping pace with other organisations on the cybersecurity front lessens the chance you’ll be a sitting duck. As security crowdsourcing goes mainstream, that may mean joining the crowd of companies posting their own bug bounty challenges.
In a climate of rising risk, there’s no room for complacency. Southeast Asian companies need to act wisely and strategically if they’re to keep pace with the army of hackers and cybercriminals intent on compromising and exploiting corporate networks and the customer data they contain. Enlisting a crowd of experts to the defence team can be a great start.
Written by Scott Robertson, Vice President of Asia Pacific and Japan for Zscaler. He has more than 20 years of experience in IT and IT Security, having previously held senior leadership positions at WatchGuard, CRYPTOcard and Microsoft.