Which online services do companies test most often using ethical hackers?

  • 04.06.2017

The level of Internet crime rises every year. Along with the opportunities that the online world opens to companies, the risk of attacks and leaks of important data is increasing.

Black-hat hackers have access to ever more modern tools and more computational power than a few years ago. Their attacks are more complex, more frequent, automated, and mostly very sophisticated. This risk is not limited to companies abroad; real cyber damage also occurs daily in the Central European online area. Every responsible company should start thinking seriously about its security in the online world.

In addition to standard but more expensive methods such as penetration tests, using a community of ethical hackers through so-called bug bounty programs is the ideal solution to the cyber-security problem. One such bug bounty program is Hacktrophy – the first bug bounty program in Slovakia and the Czech Republic.

What to focus on?

According to information provided by Fortune, banks, retailers, government agencies and hospitals around the world will invest an average of $ 108 billion per year in IT security in 2019. What is the situation in the Czech Republic and Slovakia? According to our survey last year, 48% of local companies think that it does not make sense to test the security of their online applications or services. These companies probably did not notice that in 2014, the damage caused by online crime in the Czech Republic amounted to CZK 1.2 billion (€ 44 million).

The CISO Investment Blueprint for 2017 document describes the views and facts gathered from 100 leading IT security specialists from companies operating in 17 different industries. Among other things, it identifies the products and features for which businesses are willing to pay the most.

Apps hosted in the cloud come first. These are often private solutions available only to company employees or business partners, but they may also include decentralized CRM systems, contact centers, or other company applications. According to the SANS Institute study, up to 76% of companies focus on the security of their online applications. This trend is also confirmed by the fact that, in second place, as many as 57% of companies invest most in the security of applications that are publicly available on the Internet to their customers or other users.

The services and products that companies have tested by ethical hackers:

  • online apps and apps in the cloud
  • applications that are publicly available on the Internet
  • mobile apps
  • API

39% of companies invest most often in the security of mobile applications. The main reason is the lack of security on the part of mobile platform providers. Although, for example, the Android operating system is currently used by more than 2 billion people, it still doesn’t offer full protection against viruses or cybercriminals.

The API is the segment in which companies invest in security in 32% of cases. The API is a weak part of many online applications and systems. It is often not properly deployed, or it is inappropriately modified by the company itself to suit its needs.

Money is the problem

Up to 71% of respondents in the CISO survey admitted that the problem with securing their applications and features is a lack of budget or funding for online security testing. Few companies are aware that cyber attacks can do them far more harm than prevention would cost.

The average cost of repairing damage caused by cyber attacks in small and medium-sized businesses is € 86,000. However, from mid-2018, European companies will have to pay not only for the damage caused by attacks from bad hackers but also a state fine. New European legislation (known as the GDPR) will be enforced, obliging companies to further protect sensitive user data, including the obligation to test the security of corporate online products.

If they fail to protect private data and it leaks, companies in EU countries are subject to a fine of up to EUR 20 million or 4% of the company's total worldwide turnover for the previous financial year.

How to save money while improving IT security?

Do you think that you have to pay thousands of euros per month for the security of your online application or system? You’re wrong! A good way to test your online security is the bug bounty program Hacktrophy.

Dozens of ethical hackers will take care of your safety, testing your system in the same way as their unethical competitors would. However, you will be the first to learn about the error or security gap, and you’ll have time to fix it. Try Hacktrophy in your business.

