Rapid globalisation, acceleration in gender diversity and growing neurodiversity among hackers have all been highlighted as key factors for the future by the Inside the Mind of a Hacker report from Bugcrowd.
The report shines a light on the vital need for a blend of “human ingenuity and AI-powered” security solutions to protect critical infrastructure, experts from the crowdsourced security company said.
Among the report’s key findings, human ingenuity supported by "actionable intelligence" was found to be a critical ingredient in maintaining a resilient infrastructure.
Some 78 percent of hackers indicated AI-powered cybersecurity solutions alone are not enough to outmanoeuvre cyber-attacks over the next decade.
- AI vs humans: 78 percent of hackers believe they will outperform AI for the next 10 years
- Neurodiversity: 13 percent of hackers are neurodiverse ("referring to variations regarding sociability, learning, attention, mood and other non-pathological mental functions")
- Value: Bugcrowd’s hacker community potentially prevented US$8.9 billion of cybercrime last year. In the next five years, this will rise to US$55.5 billion.
- Demographics: 53 percent of hackers are 24 years old or younger. Just two percent are aged 45 or older. Even with baselines adjusted for national variations, data suggests security researchers work to support larger than average households: 48 percent of hackers live in a household of more than four people. Women are under-represented, at just six percent of hackers. Numbers are exploding in India, up 83 percent in the last year.
- Motivations and perceptions: hackers feel misidentified as hoodie-wearing night owls up to no good. They see themselves as ordinary people, often sharpening up their own skills as a means of winning other employment
Nearly nine out of 10 hackers (87 percent) say that scanners cannot find as many critical or unknown assets as humans.
Casey Ellis, founder, chairman, and CTO of Bugcrowd, said: “Globally-distributed good-faith hackers are increasing in number and diversifying. Bugcrowd gives organisations the power to proactively leverage human ingenuity – the enabler of malicious cyberattacks – at scale to prevent them.
“While AI has a role to play in helping to reduce cyber risk, companies need to integrate crowdsourced security throughout their security lifecycle if they hope to outsmart and outmanoeuvre cybercriminals.”
While 2019 was a record year for data breaches, the report found that hackers working on the Bugcrowd platform prevented US$8.9 billion (£7.2 billion) of cybercrime in 2019 and earned 38 percent more than they did in the previous period.
In the next five years, hackers on the Bugcrowd platform are projected to prevent more than US$55 billion in cybercrime for organisations worldwide, the company said.
Jasmin Landry, top-ranked Bugcrowd hacker, said: “Hackers will always be one step ahead of AI when it comes to cybersecurity because humans are not confined by the logical limitations of machine intelligence.
“For example, hackers can adapt four to five low-impact bugs to exploit a single high-impact attack vector that AI would likely miss without the creative flexibility of human decision-making.
“Experience allows hackers to recognise vulnerable misconfigurations that represent a true risk to organisations without all of the false positives that typically come with AI-powered solutions.”
The report found that:
- 78 percent of hackers said AI-powered cybersecurity solutions alone aren’t enough to outmanoeuvre cyber attacks over the next decade
- 61 percent of hackers have noticed an increase in bug bounty programmes since the onset of Covid-19
- 93 percent of hackers primarily hack out of care for the companies for which they work
- 73 percent of hackers speak multiple languages; 53 percent of hackers are under the age of 24; 13 percent of hackers are neurodiverse.
The Inside the Mind of a Hacker report analyses 3,493 survey responses from working hackers, plus hacking activity on the Bugcrowd Platform between 1 May, 2019 and 30 April, 2020.
The research also incorporates data from 1,549 programmes and 7.7 million platform interactions to provide a striking and in-depth view of emerging trends among Bug Bounty, Penetration Testing, Attack Surface Management, and Vulnerability Disclosure Programs.
Javvad Malik, security awareness advocate at KnowBe4, said: "Ultimately, despite improvements in automation, humans remain an integral part of security from design, offence, and defence. So being able to include people from different backgrounds and abilities only helps to enrich the ecosystem.
"While some people have mixed opinions on crowd-sourced penetration testing, the best thing to have come out of it, which this report highlights, is how it has completely removed the barrier of entry for anyone.
"There is no interview process and no assessment, anyone can set up an account and start looking for vulnerabilities. This has opened the door to a truly diverse range of individuals that can showcase their skills regardless of their gender, race, location, or language. It's also encouraging to see a significant percentage of hackers who are identified as being neurodiverse."