Empowering hackers through bug bounty and crowdsourced security
By Intigriti
February 21, 2023
How ethical hacking is playing a role in social sustainability
Last month, we discussed the surprising connection between sustainability and cybersecurity. Here we saw how ensuring the cyber-resilience of critical infrastructure and securing key technologies like IoT networks will play a huge role in our pursuit of a greener future. But the concept of sustainability includes much more than just environmental concerns.
Back in 2015, the United Nations laid out 17 goals for sustainable development that were adopted by each nation-state as they look to hit more than 150 targets before 2030. These goals include things like fostering clean and affordable energy, action around the climate emergency, and protecting the world’s oceans. However, they also include socio-economic issues such as sustained and inclusive economic growth and inequality. It’s towards these ends that ethical hacking can also make a positive contribution.
Sustainable growth
One of the UN’s key sustainability goals is to, ‘Promote sustained, inclusive and sustainable economic growth, full and productive employment and decent work for all.’ Back in 2018, the World Bank reported that over the next 15 years, 600 million jobs would need to be created, with Sub-Saharan Africa alone needing 11 million more positions to meet this key goal.
It was also noted that people’s need for work intensifies other pressures such as mass migration, which can itself have further knock-on effects. While there are many benefits to migration, it can sometimes be a negative symptom of unsustainable growth. Infrastructure and key resources often fail to keep pace, forcing those who migrated into worse conditions. Similarly, the drain of workers from those locations can lead to stunted productivity and growth. For these reasons, ensuring growth happens across the globe rather than in a select few countries will be key to achieving the goals set.
Crowdsourced security’s role
Prior to the growth of crowdsourced security services such as bug bounty programs, professionals in the cybersecurity testing sector tended to be diverted down two paths. They either found work performing services like pentests for other businesses, or they found themselves within internal security teams. Large security businesses were more likely to be found in G7 nations. Similarly, working in an internal security team was more likely to happen in cities and technology parks where cash-rich businesses tend to be based.
For individuals to whom these jobs weren’t available, capitalizing on their skills as an ethical hacker was extremely difficult. Thankfully, this is no longer the case.
Today’s modern bug bounty platforms allow hackers anywhere in the world to use their skills to generate income. Regardless of the job opportunities immediately available to them in their local area, bug bounties offer a route that connects their skills with the point of need, and ensures the money is not diverted away from where the service comes from.
Though bounty hunting remains mostly a part-time profession, it can represent an increasingly significant portion of income. Moreover, our own research suggests the future is bright and that many hackers would like to devote more time to ethical hacking.
In our Ethical Hacker Insights Report 2022, we found that 96% of respondents stated that they want to increase the amount of time they spend hunting for bounties, and two-thirds (66%) would even go as far as to consider the practice a full-time career.
Similarly, ethical hacking offers many attractive benefits on top of the money that can be earned. Nearly 50% of respondents said one of the aspects attracting them to hacking was the ability to be their own boss, while the same number mentioned getting to work their own hours.
Cybersecurity and social sustainability: Thoughts from a hacker
We spoke to Oct0pus7, one of the top hackers in the Intigriti community, to get a better sense of the opportunity ethical hacking provides to individuals from a lower socio-economic background:
Crowdsourced security is beneficial in many ways, as using the security skills of many people can help to cover a lot of ground in the security of a project. This allows project managers to quickly identify and fix vulnerable components, making their product more secure, which also leads to a safer internet for people, including those who are not aware of crowdsourced security.
Crowdsourced security opens a lot of opportunities for ethical hackers; it gives us the opportunity to monetize our security skills, even if we don’t have 2-5 years of experience in a similar role as required by traditional employment environments.
It provides us with a good income, even a full-time job for some of us, and allows us to choose when, where, and for how long we work. But with that comes a responsibility. We need to keep up-to-date in the security field, because although crowdsource security gives us the opportunity to earn a good income – sometimes similar to positions that require many years of employment experience – this field, like others, pays you for a combination of effort and knowledge, so the more you know and the more effort you put into it, the more income you will have.