Info@NationalCyberSecurity

Can cybersecurity keep pace with attackers? – Bugcrowd


Approaches to cybersecurity may need to be fundamentally changed to remain effective against attackers, according to Casey Ellis, founder and chief strategy officer of crowdsourced cybersecurity provider Bugcrowd.

Speaking to Verdict following yesterday’s (23 May) announcement that the company has acquired Informer, Ellis explains: “The ping time between what the cat does and what the mouse does, it’s getting shorter. I think artificial intelligence (AI) is accelerating that feedback loop pretty rapidly. The rate of acceleration of those iterations is going up, and, at some point in time, that iteration circle gets so tight that it’s almost impossible to be inside that loop.

“I do feel like we’re approaching that, and we’re testing those limits at this point in time.”

The Bugcrowd story

Bugcrowd is something of a darling of the tech community, having reached a valuation of $1bn at its last round of funding, when it raised $102m to drive growth through the continued innovation of its platform and bolstering its workforce around the world.

Speaking alongside Ellis, CEO David Gerry says: “The piece that maybe we didn’t give enough credit to when we did the fundraise was how powerful of a partner [US venture capital firm] General Catalyst was going to be both from a leadership standpoint and in terms of putting the right people around the business when we need them the most – but also just being in the trenches with us.

“I talk to a lot of CEOs and I do a lot of funding reference calls and things like that for a lot of different VCs. That’s what I continually tell these folks is, ‘Make sure you have the right partner around the room that’s aligned with the vision,’ because, I will tell you, it makes it a hell of a lot easier when you’ve got the right board and the right investors lined up saying, ‘Hey, we’re bought into the vision that you’ve laid out, and we’re going to give you the governance that a board does, and we’re going to help guide you, but, ultimately, we’re bought in’.”


Founded in 2012, Bugcrowd is credited with pioneering the crowdsourced cybersecurity category.

“To me, that just made the most sense – the idea of being able to take the latent potential that exists in the white hat hacker community and plug it into as many different cybersecurity problems that we can find,” says Ellis. “That seems to be a really good way to outsmart an army of adversaries. It’s basically connecting an army of allies. That was really kind of the founding thesis.”

The premise of the company is straightforward – its platform connects clients with half a million hackers offering a variety of cybersecurity skills. The flexibility this offers is as much a part of the value on offer as the skills themselves.

“The idea of one person being paid by the hour in the context of pen testing and being expected to outsmart all of the potential bad guys that are out there with all the different skill sets they have – and, meanwhile, defending all of the different possibilities for attack surface that have also been created by humans who are awesome, but imperfect – that that one person is going to fail, and it’s not actually their fault,” Ellis argues. “It’s a math problem.”

Bugcrowd founder and chief strategy officer Casey Ellis.

The future of Bugcrowd

Bugcrowd’s own math makes for impressive reading. Last year it added about 40% onto its top line, 130 employees, 225 customers and 50,000 hackers to its community.

Gerry says: “We’ll probably add 100 to 120 people this year. We added 20 to 30 just this week. We added another 60 customers in the first quarter, grew the business well over 30% again – so we’re seeing that that growth is now sustainable. We’ve got five or six quarters of really high levels of growth, and 60% of our customers come over from another platform.”

Gerry adds that channel sales accounted for virtually zero a couple of years ago but are now up to around 20% and are targeted long-term at 40-50%.

“And then the last piece is really around the M&A front,” he says. “The fact that we’ve got our first acquisition done just about 90 days after the fundraising announcement certainly is a good indicator, and we’ve got a pipeline of deals to go do as well.”

Attack surfaces

Like others in the cybersecurity industry, Ellis and Gerry believe the attack surfaces of organisations are much bigger today than many realise, and Bugcrowd’s acquisition of Informer – a provider of external attack surface management (ASM) and continuous penetration testing – is aimed at reinforcing its capabilities there.

Asked whether attack surfaces are growing or organisations are simply unaware of some potential threats, Gerry says: “It’s both.”

He explains: “Now, you have the rapid onslaught of everything is an API, everything is an app, everything is a web property, everything is a portal. Okay, how are we going to keep track of that? There’s no way for organisations to be able to secure everything they have if they don’t know they have it. So, the first foundational piece of this is we need to have a discovery story of what do we actually have out there?”

Another growing cybersecurity threat is, of course, artificial intelligence (AI) – both in the hands of adversaries and through organisations’ own insecure rollouts of AI applications.

“In the hands of defenders and attackers alike, it decreases the time to success and it democratises the access to power,” says Ellis. However, he points to the race to roll out the technology as a major issue.

“In my opinion, what is going to end up being the biggest actual threat is the idea of integrating AI into everything,” he explains. “We’re doing it right now, the idea of slumping an LLM onto an existing system with a great degree of speed because everyone’s trying to compete with their peers to get this kind of technology into whatever it is that they’re doing as quickly as possible. Whenever we’ve seen that in the past, it’s always bad at some point in the future.”

“You’ve got folks trying to move as quickly as they can and making even R&D decisions that end up being pretty badly insecure. So there’s an almost infinite number of things that could go wrong in that domain.”

By way of agreement, Gerry adds: “Businesses are incentivised to get products to market as quickly as possible. Security is still an afterthought, right?”

Do the basics

Such are the rudimentary oversights that organisations make where cybersecurity is concerned – in relation to AI or otherwise – that attacks themselves are not evolving a great deal. They are simply being facilitated in more sophisticated ways.

“If the front door is unlocked, an economically rational bad guy is just going to walk in through the front door,” says Gerry. “They’re not going to bother doing all the fancy stuff if they can get it done simply, right? That’s just economics.”

Ellis expands: “The attacks are actually staying roughly the same. When you look at a lot of the key exploitation that’s happened out of nation-states over the past four years has been exploiting old vulnerabilities. It’s not zero-day. It’s not crazy, sophisticated stuff. It’s just the result of poor hygiene.”

The two implore organisations to simply “do the basics”, but of his contention that doing the basics may not be enough for much longer, Ellis asks: “How will we fundamentally alter the game theory and the economic incentives around security so that we can start to think about it through the lens of being like anti-fragile and resilient by default, not just reactive to what the bad guys are doing?”
