Is crowdsourcing cybersecurity the answer to CISOs' problems?

More than half of organizations now run bug bounty and other crowdsourced options to avoid data breaches, according to a Bugcrowd report.


As the attack surface continues to expand and attackers grow more sophisticated, CISOs are increasingly turning to crowdsourced security measures, such as bug bounty programs, to find weaknesses in their defenses before cybercriminals do, according to a report released Thursday by Bugcrowd and ESG.

Crowdsourced security--an approach that pays a pool of vetted ethical hackers to uncover vulnerabilities in business applications, devices, and networks--can also help fill cybersecurity talent gaps, which many companies still struggle with. Common forms of crowdsourced security include bug bounty programs (which reward valid findings) and responsible disclosure programs (which give outside researchers a sanctioned channel to report vulnerabilities, usually without payment).


Of the 200 CISOs and cybersecurity decision makers surveyed for the report, 55% said they have already run a crowdsourced cybersecurity program. Another 32% said they are either interested in or expecting to do so in the next year.

CISOs who have used crowdsourced cybersecurity programs reported benefits including paying for valid results rather than for effort or time (44%), the varied expertise of the hacker community (42%), and continuous coverage of applications (42%). Continuous coverage matters particularly for large enterprises, the report noted: on average they operate more than 1,300 complex applications, and more than 500 of those are not covered by any security tool.

However, these programs are unlikely to replace traditional security methods, the report found. The majority of cybersecurity leaders (59%) see crowdsourced security as a complement to penetration testing, while 34% said the two approaches are distinct and offer different benefits. Only 7% said they see crowdsourced security and penetration testing as redundant, according to the report.

"The adoption of crowdsourced security is trending upward, indicating growing awareness of and trust in nontraditional security alternatives," the report stated. "The cybersecurity community is clearly embracing complementary approaches to achieve defense in depth and faster results. Crowdsourced security, which offers ethical hackers and NGPT, is best viewed as a service to augment traditional solutions, notably in high-value areas such as continuous vulnerability assessment and SDLC integration."

To learn more about how to develop a bug bounty program, check out this TechRepublic article.


Image: iStockphoto/BrianAJackson