This article can be found in Inside the Platform: Bugcrowd’s Vulnerability Report. Read the whole report for insights into what millions of vulnerabilities tell us about the year to come.
In a recent conversation, we had the opportunity to speak with the Director of Cybersecurity at a leading data networking organization. Our discussion provided insights into their experience launching a Vulnerability Disclosure Program and shed light on the current threat landscape.
The director, a winner of Cyber Defense Magazine’s 2023 Top Global CISO Award, has over 19 years of experience in the IT security field. This Bugcrowd customer is a data networking hardware leader that strives to build the world’s most reliable, innovative, future-ready wireless technologies that securely connect every person and everything, effortlessly.
AI threats and the cybersecurity skills gap
The director has seen major changes to the threat landscape since the beginning of the pandemic, specifically in the complexity of security threats and the prevalence of automated and AI-based cyber threats. “As vulnerabilities and threats continue to increase and become more complex in the wake of AI-based cyber threats, security professionals need to upskill themselves in automation and AI-based technologies to tackle such threats,” they said.
They also cite the cybersecurity skills gap as one of the top security risks impacting organizations at the moment. “We are at the cusp of an ever-changing technology landscape and evolving, sophisticated security threats. Without adequate cybersecurity skills, organizations are at a significant risk of getting compromised.”
They predict the cybersecurity skills gap will continue to increase in the short term, but they aren’t without hope. “The security industry has been a pioneer in hiring people from diverse technology and education backgrounds, helping them train in cybersecurity skills to fix the hiring gap,” they said. They recommend that organizations focus on investing resources in their cybersecurity personnel to ensure they stay updated on the latest and greatest with respect to cybersecurity skills. “Cybersecurity upskilling should be one of the top business priorities in the organization.”
Leveraging crowdsourced security to address the cybersecurity skills gap
Crowdsourced security is another way to address the cybersecurity skills gap, helping organizations connect with thousands of security experts around the world. The data networking organization decided to partner with Bugcrowd to establish a Vulnerability Disclosure Program (VDP) in order to help manage the vulnerabilities reported by the hacker community. With the help of Bugcrowd, they were able to put a structure to vulnerability submissions, helping them comply with security, compliance, and regulatory requirements.
Beyond compliance requirements, they explored adopting a VDP because they wanted to do everything possible to proactively reduce risk exposure, innovating in security instead of just checking boxes. “We want to visibly demonstrate our commitment to security, building productive relationships with the hacker community. We want security testing and remediation to keep up with the pace of innovation,” they said.
They chose to partner with Bugcrowd because it offers a multi-solution platform, extensive experience and a track record of fast triage response times, reporting and analytics capabilities, adoption and integration, and emphasis on long-term success. Looking forward, they intend to complement their VDP with other Bugcrowd products, including launching a Managed Bug Bounty program and utilizing Pen Testing as a Service.