Small Businesses Are Going to Need Bug Bounties to Combat Cyber Attacks

July 11, 2017

12:20 pm

The likelihood of cyber attacks on small businesses is actually higher than the constant and varied cyber intrusions being reported worldwide. The New York Times reports that 62 percent of all such attacks are on SMBs, at a rate of about 4,000 per day.

According to data released last week by Black Hat USA, cyber security professionals do not feel confident that their organizations are prepared for attacks on their infrastructure.

Their third annual attendee survey, Portrait of an Imminent Cyberthreat, was released publicly last week in advance of this month’s Black Hat Conference in Las Vegas.

In a survey that included 580 respondents and security professionals of varied experience levels and positions, two-thirds of respondents think it’s likely that their own organizations will have to respond to major security breach within the next 12 months, and the majority of them do not believe they possess the staff or the budget to meet these threats.

Is Your Small Business Protected from Cyber Attacks?

Small business owners and founders often already face vast talent shortages. The cybersecurity field is no exception. Respondents to the survey noted that lack of access to qualified people and skills is the main reason that their enterprise IT security strategies can fail. And in fact, the ISC(2) reports that by 2022, the industry will be facing a shortfall of 1.8 million workers!

The fact is that you can take steps to protect your small business from cyber threats, even if you can’t afford to hire a security professional.

  • Check out free online security tutorials. These tools can be found on government sites like that of the Small Business Administration, which also has webinars, and the site of the Defense Security Service, an arm of the Department of Defense.
  • Review any of your application sites. Look at any sites that can access your users’ data against browser scoring tools. Mozilla has created a suite of tools to guard against threats, including Subresource Integrity (SRI) and Content Security Policy (CSP).
  • Prepare a bug bounty budget. Once your security is in place, you can hire ethical hackers to test your system for vulnerabilities. A bug bounty is a reward given in exchange for the bugs that are found through this process. Hackerone is one tool that can help you set up this bug bounty system. It’s definitely more affordable than actually being hacked.

Is State-Sponsored Hacking Contributing to the Threats?

Every day, there is more information – yet more uncertainty – regarding the presence of state-sponsored cyber attacks. On the heels of the G20 summit in Hamburg, The Washington Post reported that “Russian government hackers were behind recent cyber-intrusions into the business systems of U.S. nuclear power and other energy companies”.

Recent state-sponsored cyber attacks — including alleged Russian interference in US elections, Chinese cyber espionage on U.S. corporations, and the alleged connection between North Korea and the spread of the WannaCry ransomware worm in May — have eroded IT security professionals’ confidence in critical infrastructure security.

Black Hat’s attendee survey reports that respondents overwhelmingly believe state-sponsored hacking from countries such as Russia and China has made U.S. enterprise data less secure. Further, only 26 percent of the respondents believe that the new White House administration will have a positive impact on cybersecurity policy, regulation, and law enforcement over the next four years.

cyber attack

While the President recently signed an Executive Order aimed at “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” and the recommendations within it are solid, there still remains the problem of staffing.

It’s one thing to hold heads of departments and agencies accountable, but yet another to actually find people prepared to hold the responsibility of maintaining cyber security. Experts repeatedly stress the lack of skilled analysts available to complete the sophisticated work required to prevent a cyber attack.

Equipping Security Professionals to Combat Cyber Threats

At the Black Hat USA conference in Las Vegas,  some of the brightest minds in the InfoSec community come together  to offer programming dedicated to the very latest InfoSec research, development and trends.

In an effort to welcome a wider range of InfoSec professionals to the Black Hat community, diversity programming is available at the conference this year. Helping to expand the career opportunities and continuing education in this space is crucial to prepare businesses and government entities against cyber threats. In addition, The Executive Women’s Forum is offering complimentary academic passes to female university students with an interest in Information Security.

Read more about cybersecurity at TechCo

Did you like this article?

Get more delivered to your inbox just like it!

Sorry about that. Try these articles instead!

Software developer since 1998. Member of #VegasTech and founder of Las Vegas based startup WorkingOn. Follow him on Twitter

  • Shares

Leave a Reply

  • (will not be published)
Startup_Mixology_300x250