Companies are paying millions to get hacked — on purpose

By Ed Zwirn

(originally published on April 23, 2017 in the New York Post)

The old sports adage, “the best defense is a good offense,” is being deployed by corporate America when it comes to cybersecurity.

HackerOne, a San Francisco-based “vulnerability coordination and bug bounty platform,” reports that it has some 800 corporate customers who paid out more than $15 million in bonuses to white-hat hackers since its founding in 2012.

Most of that bounty was paid in the past two years, as companies have become more aware of their cyber vulnerabilities.

Clients that have used the platform include General Motors, Uber, Twitter, Starbucks and even the US Department of Defense.

According to HackerOne Chief Executive Marten Mickos, companies of all kinds are shelling out increasing amounts of money to fight fire with fire by employing benevolent hackers to thwart break-ins from outside hackers.

Google, as he points out, has paid out about $3 million through its own hacker bonus program. Uber has paid out $860,000 over the past year to use his platform.

The increased use by consumers of internet-connected devices (the so-called “internet of things”) is also resulting in a “rapidly growing” demand for white hats, according to Mickos, who points to 2015’s hack of Mattel’s Wi-Fi enabled Hello Barbie. “It may sound silly, a doll,” he says, “but it’s your child.”

Another 2015 wake-up call occurred when the controls of a Jeep were commandeered by a hacker using a laptop miles away. Parent Fiat Chrysler had to recall more than a million vehicles as a result of the incident (in which no one was hurt) — a lesson that was not lost on other automakers like GM, which signed up with HackerOne, and Tesla, which established its own bonus program.

“[Benevolent] hackers are in very high demand,” according to Adam Malone, director of cyber investigation and breach response at PwC. The demand for the skill set is also expanding beyond the freelancers, he says, with a select few hackers bringing home “a six-figure range pay up to half a million.”

“I lead a team of guys that go into a company that has been breached,” he explains. “I primarily hire people most experienced in hacking.”


About Ed Zwirn

Ed Zwirn is a journalist/editorial professional with a focus on financial trends and practices. He lives out in the woods in Bethel, NY, not far from where the Woodstock Music and Arts Festival was held in 1969. As a financial writer, his work has appeared in The Wall Street Journal, The New York Post, CFO Magazine and news services including Dow Jones Newswires and Informa Global Markets. Ed also spent three years in Ukraine, where he ran an English-language news service. He now divides his time between his freelance journalism, song and poetry writing, and barbequing and lawn-mowing on his 2.5 acre property.
