High profile hacks have highlighted the significant risks in the digital world. But while news outlets focus on the negative effects of cyber security, innovative companies are finding creative ways to keep firms secure, without constraining their staff with complicated IT policies and draconian data restrictions.
Behind Google’s Vulnerability Reward Program, there is a simple idea. If you handsomely reward hackers who find a bug or issue with your software, it’s more likely they’ll flag the issue with you than sell the vulnerability to a malicious crime syndicate.
This approach has been so successful for Google in the past that it’s recently announced a pool of “infinity million” dollars to pay out to hackers who report issues in Chrome.
While bugs and security holes are traditionally seen as failures in a business, bug bounty programmes redefine these as opportunities for hackers to test their bug-finding abilities. For most businesses, it is much more economical to pay out bug bounties than to hire full time security professionals.
Hire the Hackers
Defcon is the largest hacking conference in the world. Held every year in a hotel in Las Vegas, the only way to attend is to turn up and pay cash on the door.
This setting, which is packed to the rafters with lock-picking tools and WiFi snooping equipment, seems an unlikely place for a respectable company to show its face. But electric car manufacturer Tesla (which had 2015 revenues of $3.2bn) had a presence at last year’s conference, indicating that big businesses may be starting to sit up and take note.
Technology has resulted in every company becoming a software company. This means that hiring hackers should be a consideration for every organisation. Tesla’s cars operate with millions of lines of code, all of which present unique security challenges.
If you employ hackers whose primary objective is to gain unauthorised access to your own systems, you can be more confident that external hackers will find it more difficult to gain access.
Make cyber security fun
Prior to their security training, 30 to 60 per cent of staff will be susceptible to phishing emails. After training, this rate falls to around 5 per cent.
The problem is that the mention of cyber security tends to elicit yawns. IT policies and security restrictions are often seen as restrictive and a barrier to innovation. Coupled with the fact that an organisation’s personnel tend to be the easiest targets for hackers (especially those with weak passwords), one of the challenges for business is to educate staff about cyber security in an engaging way.
Read more: Hand over your money or the data gets it
Salesforce has taken this approach, using a system of badges, points and rewards to make training something staff look forward to. Also, putting the focus on security engagement, rather than security itself, is key to ensuring that cyber security policy results in action within an organisation. Using innovative methods to secure yourself and your organisation creates an opportunity to move fast rather than more slowly.
Being open, engaging hackers and exciting staff about cyber security are all ways to turn security from a threat into an opportunity. Some of the largest and most innovative organisations are taking ownership of their cyber security. More companies should follow their lead.