The worldwide cybersecurity market is flourishing. Analysts at Gartner predict that end-user spending on the information security and risk management market will grow from $172.5 billion in 2022 to $267.3 billion in 2026.
One large area of spending involves the art of putting cybersecurity defenses under pressure, commonly known as security testing. MarketsandMarkets forecasts that the global penetration testing (pentesting) market is expected to grow at a Compound Annual Growth Rate (CAGR) of 13.7% from 2022 to 2027. However, the costs and limitations involved in carrying out a penetration test are already hindering the market's growth, and consequently, many cybersecurity professionals are making moves to find an alternative solution.
Pentests aren't solving cybersecurity pain points
Pentesting can serve specific and important purposes for businesses. For example, potential customers may ask for the results of one as proof of compliance. However, for certain challenges, this type of security testing methodology isn't always the best fit.
1 — Constantly changing environments
Securing constantly changing environments within rapidly evolving threat landscapes is particularly difficult. This challenge becomes even more complicated when aligning and managing the business risk of new projects or releases. Since penetration tests focus on one moment in time, the result won't necessarily be the same the next time you make an update.
2 — Rapid growth
It would be unusual for fast-growing businesses not to experience growing pains. For CISOs, maintaining visibility of their organization's expanding attack surface can be particularly painful.
According to HelpNetSecurity, 45% of respondents conduct pentests only once or twice per year and 27% do it once per quarter, which is woefully inadequate given how quickly infrastructure and applications change.
3 — Cybersecurity skills shortages
In addition to limitations in budgets and resources, finding the right skillsets for internal cybersecurity teams is an ongoing battle. Consequently, organizations don't have the dexterity to spot and promptly remediate specific security vulnerabilities.
While pentests can offer an outsider's perspective, often it is only one person performing the test. For some organizations, there is also an issue of trust when relying on the work of only one or two people. Sándor Incze, CISO at CM.com, gives his perspective:
“Not all pentesters are equal. It's very hard to determine if the pentester you're hiring is good.”
4 — Cyber threats are evolving
The constant battle to stay up to date with the latest cyberattack methods and trends puts media organizations at risk. Hiring specialist skills for every new type of cyber threat would be unrealistic and unsustainable.
HelpNetSecurity reported that it takes 71 percent of pentesters one week to one month to conduct a pentest. Then, more than 26 percent of organizations must wait between one and two weeks to get the test results, and 13 percent wait even longer than that. Given the fast pace of threat evolution, this waiting period can leave companies unaware of potential security issues and open to exploitation.
5 — Poor-fitting security testing solutions for agile environments
Continuous development lifecycles don't align with penetration testing cycles (often carried out annually). Therefore, vulnerabilities mistakenly introduced during long security testing gaps can remain undiscovered for some time.
Bringing security testing into the 21st century
A proven solution to these challenges is to make use of ethical hacker communities in addition to a standard penetration test. Businesses can rely on the power of these crowds to assist them with their security testing on a continuous basis. A bug bounty program is one of the most common ways to work with ethical hacker communities.
What's a bug bounty program?
Bug bounty programs allow businesses to proactively work with independent security researchers who report bugs in exchange for incentives. Often, companies will launch and manage their program through a bug bounty platform, such as Intigriti.
Organizations with high security maturity may leave their bug bounty program open for all ethical hackers in the platform's community to contribute to (known as a public program). However, most businesses start by working with a smaller pool of security talent through a private program.
How bug bounty programs support continuous security testing structures
While you'll receive a certificate to say you're secure at the end of a penetration test, it won't necessarily mean that is still the case the next time you make an update. This is where bug bounty programs work well as a follow-up to pentests and enable a continuous security testing program.
The impact of bug bounty programs on cybersecurity
By launching a bug bounty program, organizations experience:
- More robust security: Company data, brand, and reputation have additional protection through continuous security testing.
- Enabled business goals: Enhanced security posture, leading to a safer platform for innovation and growth.
- Improved productivity: Increased workflow with fewer disruptions to the availability of services. More strategic IT projects that executives have prioritized, with fewer security “fires” to put out.
- Increased skills availability: The internal security team's time is freed up by using a community for security testing and triage.
- Clearer budget justification: Ability to provide more meaningful insights into the organization's security posture to justify and motivate an adequate security budget.
- Improved relationships: Project delays decrease significantly without the reliance on traditional pentests.
Want to know more about setting up and launching a bug bounty program?
Intigriti is the leading European-based platform for bug bounty and ethical hacking. The platform enables organizations to reduce the risk of a cyberattack by allowing Intigriti's network of security researchers to continuously test their digital assets for vulnerabilities.
If you're intrigued by what you've read and want to learn more about bug bounty programs, simply schedule a meeting today with one of our specialists.