​Why a penetration test isn’t enough for your security

It used to happen entirely behind closed doors: companies didn’t want to show their human side. Errors in their websites or software? They might bring in ethical hackers, but they kept quiet about it. That is no longer the case, and as a company you can be proud to have ethical hackers working for you to help improve your product or online presence.

Intigriti

Bug bounty platform Intigriti conducted research among 1,759 security experts. 96 percent of them would like to spend more time hunting bugs, and 66 percent are even considering turning it into a full-time job. Not a bad idea, as ethical hackers are in high demand right now, so the jobs are practically there for the taking. In addition, participating in bug bounty programs is a good way for many well-meaning hackers to keep sharpening their skills and learning new things.

Especially now that more and more malicious hackers are active due to the pandemic, it is important to hire well-intentioned hackers to defend the company against possible cyber attacks. These ethical hackers turn every nook and cranny of the software inside out by attempting to hack into the company themselves. If that succeeds, the ethical hacker reports where the problem lies and can be paid for the service.

So it is a win-win situation. An ethical hacker can even hack in the evenings alongside a permanent job. This is possible, for example, with the Intigriti platform, where more and more companies and ethical hackers now find each other in order to achieve an even safer internet together. With a bug bounty platform like Intigriti’s, companies constantly have ethical hackers at their disposal, as they offer bounties to people who use the platform to point out a weakness. An ethical hacker makes money with it, but a company also saves a lot of money with it: the total cybercrime costs saved since the launch of Intigriti’s platform amount to 68 million euros, the company believes. “This is the total cybercrime cost we have saved our customers since the launch of Intigriti.”

Ethical Hackers

Companies often think that an occasional pen test is enough. A pen test is a penetration test, in which an expert goes through part of the security system to see to what extent it can be hacked and where it contains weaknesses. It’s good that it happens, but it is often only a snapshot, and it does not cover the whole of the company’s security. Intigriti believes that a company should be examined more continuously by security experts, and the surveyed experts agree. 90 percent of security experts agree that a penetration test does not provide sufficient assurance that an organization is secure day in, day out.

The ethical hackers on the platform determine their own working hours and can, for example, hunt bugs as a side job, although there are also ethical hackers who have made the Intigriti platform their full-time job. Intigriti keeps growing: in one year, the number of security researchers on the platform has increased by 43 percent and the number of vulnerabilities reported by 43 percent. There were also 48 percent more bug bounty programs, and 23 percent of ethical hackers saw that as a good reason to spend more time on the platform and detecting bugs. If you join this platform as a company, you gain access to a large group of ethical hackers.

Find bugs

As a company, you are naturally curious about how ethical hackers approach such a career. 54 percent of Intigriti hackers work full-time in another job and 32 percent are students. A fifth of part-time bug hunters earn more than a quarter of their total income through bounty rewards. 14 percent of the people at Intigriti are full-time bug hunters, meaning 86 percent do it part-time. In short, the ethical hackers find enough weaknesses to make a living from their ‘hunting’. Even if your company has just passed its security tests completely, there is a good chance that an Intigriti hacker will still find a weakness to exploit. The advantage is that the ethical hacker does not do the latter: he or she reports the bug so that your IT people can ensure that the weakness is fixed as soon as possible.

[Photo credits: DC Studio © Adobe Stock]
