A survey conducted by the bug bounty and pentesting platform HackerOne has revealed that IT projects are being stifled by security concerns. More than 80% of the UK CISOs and CTOs interviewed said that software IT projects had been hindered by concerns over inevitable security issues, and 90% agreed that software vulnerabilities were a significant risk to their organisation.
“Organisations need to find a balance between driving innovation and keeping data safe. It is not surprising that fear around cyber security is hindering this, but by moving beyond traditional cyber security strategies, businesses can start to feel empowered,” said Laurie Mercer, Security Engineer at HackerOne. “When I started writing code, new releases of software would take 6 months to develop and test. Today new software is released every hour. This new pace of innovation poses a problem for security teams but, by implementing a strategy that supports continuous security, businesses can ensure they are on alert for any vulnerabilities that software might have. The key is to ensure security is constantly evolving.”
Manpower and budgets are also a key concern for security professionals, with 63% believing that security team resources cannot keep up with the pace of development. Lack of budget and other resources, including skill sets, was also cited by over a third of respondents as a key barrier to creating a well-rounded cyber security strategy. However, despite the significant number of concerns around vulnerabilities and limited resources, the survey highlighted that 62% would rather accept the risk of software vulnerabilities than invite unknown hackers to find them, and 63% say they are only comfortable accepting bug submissions from vetted hackers.
A HackerOne customer and CISO of an international health and beauty retailer said, “I understand first-hand the nature of remaining cautious, but, as we all know, traditional cyber security methods alone are not sufficient. CISOs find themselves in a tricky position, needing to embrace innovation while ultimately remaining responsible for cyber security. The security landscape is ever evolving and therefore we need to approach defensive strategies in the same way. Working with ethical hackers gives organisations the freedom to work on new projects, spin up new applications and try different ways of working, while at the same time there is peace of mind that continuous and ongoing testing is taking place. With ethical hacking, these vulnerabilities can be fixed immediately.”