‘Inside the Mind of a Hacker’, a new cyber report from Bugcrowd, also revealed that 78% of hackers believe they will outperform AI for the next decade.
Rapid globalisation, acceleration in gender diversity & increasing ‘neurodiversity’ among hackers have all been highlighted as key factors for the future by the Inside the Mind of a Hacker report from Bugcrowd.
The report focuses on the vital need for a blend of “human ingenuity and AI-powered” security solutions to protect critical infrastructure, experts from the crowd-sourced security company observed.
Key findings include that human ingenuity supported by “actionable intelligence” was found to be a critical element in maintaining a resilient infrastructure.
Some 78% of hackers suggested AI-powered cybersecurity solutions alone are simply insufficient to stop cyber-attacks over the next 10 years.
- AI vs humans: 78% of hackers think they will outperform AI for the next 10 years
- Neurodiversity: 13% of hackers are ‘neurodiverse’ (“referring to variations regarding sociability, learning, attention, mood & other non-pathological mental functions”)
- Value: Bugcrowd’s hacker community potentially stopped US$8.9 billion of cyber-crime last year. Over the next 5 years, this will increase to US$55.5 billion.
- Demographics: 53% of hackers are just 24 or younger. Just 2% are aged 45 or older. Even with baselines adjusted for national variations, data suggests security researchers work to support larger than average households: 48% of hackers live in a household of over 4 people. Women are under-represented – just 6% of hackers. Numbers are ‘exploding’ in India, up 83% in the last 12 months.
- Motivations & perceptions: hackers feel misidentified as hoodie-wearing night owls up to no good. They see themselves as ordinary people, often sharpening up their own skills as a means of winning other employment.
Nearly 9 out of 10 hackers (87%) suggested that scanners cannot find as many critical or unknown assets as humans.
Casey Ellis, Founder, Chairman, and CTO of Bugcrowd, commented “Globally-distributed good-faith hackers are increasing in number & diversifying. Bugcrowd gives organisations the power to proactively leverage human ingenuity – the enabler of malicious cyberattacks – at-scale to prevent them.
“While AI has a role to play in helping to reduce cyber risk, companies need to integrate crowdsourced security throughout their security lifecycle if they hope to outsmart & outmanoeuvre cybercriminals.”
2019 was a record year for data breaches, but the report found that hackers working on the Bugcrowd platform prevented US$8.9 billion (£7.2 billion) of cyber-crime in 2019 & earned 38% more than previously.
Over the next 5 years, hackers on the Bugcrowd platform are projected to stop more than US$55b in cybercrime for organisations worldwide, the company stated.
Jasmin Landry, top-ranked Bugcrowd hacker added “Hackers will always be one step ahead of AI when it comes to cybersecurity, because humans are not confined by the ‘logical limitations’ of machine intelligence.
“For example, hackers can adapt 4 to 5 low-impact bugs to exploit a single high-impact attack vector that AI would likely miss without the creative flexibility of human decision-making.
“Experience allows hackers to recognise vulnerable misconfigurations that represent a true risk to organisations without all of the false positives that typically come with AI-powered solutions.”
The report found that:
- 78% of hackers said AI-powered cybersecurity solutions alone are not enough to outmanoeuvre cyber-attacks over the next decade
- 61% of hackers have noticed an increase in bug bounty programmes since the onset of Covid-19
- 93% of hackers primarily hack ‘out of care’ for the companies for which they work
- 73% of hackers speak multiple languages; 53% of hackers are under the age of 24; 13% of hackers are ‘neurodiverse’.
The Inside the Mind of a Hacker report analyses 3,493 survey responses from ‘working hackers’, plus hacking activity on the Bugcrowd Platform between May 1st, 2019 & April 30th, 2020.
This research also incorporates data from 1,549 programmes & 7.7m platform interactions to provide a stark & in-depth view of emerging trends among Bug Bounty, Penetration Testing, Attack Surface Management, & Vulnerability Disclosure Programs.
Javvad Malik, Security Awareness Advocate at KnowBe4, observed “Ultimately, despite improvements in automation, humans remain an integral part of security from design, offence, & defence. So being able to include people from different backgrounds & abilities only helps to enrich the ecosystem.
“While some people have mixed opinions on crowd-sourced penetration testing, the best thing to have come out of it, which this report highlights, is how it has ‘completely removed’ the barrier of entry for anyone.
“There is no interview process & no assessment, anyone can set up an account & start looking for vulnerabilities.
“This has opened the door to a truly diverse range of individuals that can showcase their skills regardless of their gender, race, location, or language. It’s also encouraging to see a significant percentage of hackers who are identified as being neurodiverse.”
Interesting research indeed!