- Companies need bug bounty platforms now more than ever
- The increase in the number of threats in 2020 pushed companies to secure their products better
- Human error is a main source of cyber risk
Companies in all industries have substantially increased their reliance on crowdsourced cybersecurity to keep up with the threat landscape and to provide more secure products, according to a report from Bugcrowd.
Many larger organizations now use online platforms to crowdsource security to researchers from all over the world in exchange for financial rewards. In fact, much of the software is too expansive for in-house security teams to find all possible vulnerabilities, which means they need outside support.
Some industries have reported a massive increase, of up to 500 percent, in the number of phishing emails, correlated with a seven-fold jump in ransomware attacks, according to a Bitdefender study. This alone has prompted companies to crowdsource software security.
“Vulnerability submissions were up 24% in the first ten months, compared to all of 2019” states the Bugcrowd report. “Across the board, computer software companies paid out almost five times as much as any other industry for submissions. Most notably, P1 submissions in the software industry nearly tripled in 2020.”
Unfortunately, the findings show organizations are struggling to fix even problems that they already know about, with some vulnerabilities remaining in place for a long time.
“The report found that eight of the top 10 bugs submitted in 2020 were also featured on the 2019 list. This illustrates that managing known risks remains a challenge for most enterprises.”
Some of the biggest drivers in terms of security issues are API and IoT vulnerabilities, which have doubled in 2020. On the other hand, Android vulnerabilities have tripled.
Broken access controls generated the most submitted vulnerabilities, followed by cross-site scripting (XSS) problems. Human error is the main driver of broken access control vulnerabilities, which leads to the obvious conclusion that people are a significant source of security risk.