Transparency to ethical hackers urged for stronger cybersecurity
Organizations are advised to collaborate with ethical hackers, emphasizing the importance of transparency in the process.
Open communication and trust with ethical hackers can provide businesses with an efficient and continuous assurance of their digital defenses, according to Sajeeb Lohani, Director of Cybersecurity at Bugcrowd.
In an exclusive interview at the Australian Cyber Conference, Lohani said that transparency and proper communication are key to businesses making effective use of ethical hackers' expertise.
“You tell them, hey, this is where I think you actually need to be able to go focus, they will focus their time, they'll put in their effort, if you give them some kind of incentive to go and do that, they'll be passionate about it, and try to help you quite significantly,” he said.
He said that hacking is no longer ‘terribly illegal’ if you have written permission.
“So come to a safe place with a safe harbor. And then utilize that relationship to be able to go and crowdsource security. It'll cost you less. It'll be efficient, and it'll give you that continuous assurance that you actually really need,” he said.
Lohani cited Bugcrowd’s CrowdStream service as an example of how transparency with ethical hackers can benefit companies.
He cited a case involving a major car industry player whose ServiceNow credentials were leaked on GitHub. Thanks to the GitHub reconnaissance conducted by an ethical hacker, the company quickly identified, verified, and rectified the security lapse.
“So it basically gave that extra bit of visibility, which frankly, you won't really get on every single general, like point in time testing. Instead, that continuous assurance is what we kind of tried to preach the crowdsource solution,” he said.
Currently, Lohani sees different types of threats surrounding cybersecurity, including supplier risks and technology adoption.