The hacking community is becoming more reflective of today’s society, with gender and neurodiversity on the increase among hackers, bringing new skills and insights that others might miss, according to new statistics gathered by crowdsourced security firm Bugcrowd.
In the latest edition of its annual Inside the mind of a hacker report, Bugcrowd – which connects ethical hackers to its customers to help them fix vulnerabilities – found that about 13% of career hackers now identify as neurodiverse.
It said many hackers living with neurological conditions can prove extremely adept at bringing depth and dimension to security testing – such as increased memory skills, enhanced perceptiveness, an eye for detail, and an ability to easily understand complex systems.
In particular, noted the report, nearly half of neurodiverse hackers have some form of attention deficit hyperactivity disorder (ADHD), and can thrive in rapidly changing environments such as security research, where creativity and different models of thinking are highly valued.
“Globally distributed good-faith hackers are increasing in number and diversifying,” said Casey Ellis, founder, chairman and CTO of Bugcrowd. “Bugcrowd gives organisations the power to proactively leverage human ingenuity – the enabler of malicious cyber attacks – at scale to prevent them.”
Bugcrowd also found that younger millennials and members of the following generation Z (or Zoomers) born in the 1990s are very well represented in the community – under-24s account for more than half of hackers working today, and almost three-quarters speak two or more languages.
The report said its findings highlighted the special sauce that only human ingenuity can bring to a resilient organisational security posture, with 87% of respondents agreeing that traditional security scanners could not find as many critical or unknown assets as humans. Just over three-quarters – 78% – also expressed doubts that the increased prevalence of security powered by artificial intelligence (AI) was going to be good enough on its own to outmanoeuvre cyber attacks in the coming years.
“Hackers will always be one step ahead of AI when it comes to cyber security because humans are not confined by the logical limitations of machine intelligence,” said Jasmin Landry, a Canada-based security adviser, and one of Bugcrowd’s top-ranked hackers.
“For example, hackers can adapt four to five low-impact bugs to exploit a single high-impact attack vector that AI would likely miss without the creative flexibility of human decision-making,” he added.
“Experience allows hackers to recognise vulnerable misconfigurations that represent a true risk to organisations without all the false positives that typically come with AI-powered solutions.”
Ellis added: “While AI has a role to play in helping to reduce cyber risk, companies need to integrate crowdsourced security throughout their security lifecycle if they hope to outsmart and outmanoeuvre cyber criminals.”
Bugcrowd also found a growing trend of social responsibility among businesses and hackers, with 93% of the hackers surveyed saying they hacked first and foremost out of care for the wellbeing of the organisations they are working alongside. This seems to be paying off, because the data shows that globally, organisations made five times as many co-ordinated vulnerability disclosures in the past 12 months as in the previous year.
“The exponential growth of these disclosures highlights the value of transparency to stakeholders and demonstrates that organisations are taking social responsibility more seriously than ever,” said Ellis.
Bugcrowd reckons that hackers working on its platform prevented $8.9bn worth of cyber crime in 2019, and earned 38% more in bug bounty pay-outs than the year before.