February 10th, 2017

There Are Over 209,000 Unfilled Cybersecurity Jobs In The U.S.

Protecting company assets should come first.

According to a survey of 100 chief information security officers (CISOs) by cybersecurity testing company Bugcrowd, enterprises are being overwhelmed by hacking attempts. As a result, Bugcrowd’s CISO Investment Blueprint for 2017 report said that 94% of CISOs were concerned about what will happen to public-facing assets in the next 12 months.

Bugcrowd cited a recent report by the non-profit Identity Theft Resource Center, which said that the overall number of data breaches increased by 350% between 2007 and 2015. Hacking was the leading cause of data breach incidents during those years, accounting for 55% of all breaches.


The problem is that most companies or organizations are not equipped to deal with a constant stream of hacking attempts on their systems.

CISOs use an average of 4.8 application security tools to protect company assets, with penetration testing and incident response processes at the top of the list. As more breaches occur at the application level, IT departments have made app security spending a priority, Bugcrowd said.

There are four distinct areas that require increased security investment—cloud-hosted apps, public-facing Web apps, mobile apps and APIs. The report said that 59% of CISOs wanted to invest in cloud-hosted apps, with 57% citing public-facing Web apps as a key area of security investment. Around 39% of CISOs said that they would make mobile apps a priority investment.


Cybersecurity Has A Talent Gap

The intent to invest is to be applauded, but 71% of CISOs said they were hampered by financial constraints. Staffing issues were the main cause of concern, with 54% of people citing it as an ongoing challenge. An immature security culture within the organization and inadequate testing methods were also issues for 36% and 26% of CISOs, respectively.

“In 2017, modern application security teams will continue facing resourcing and budgeting issues while investment areas continue to diversify,” the report said. “According to the Bureau of Labor Statistics, there are over 209,000 unfilled cybersecurity jobs in the U.S., and postings are up 74% over the past five years. Our research shows that this will be the top issue over the next year along with budget constraints.”

Source: Bugcrowd, CISO Investment Blueprint For 2017


Sixty-five percent of people said that their organization was either currently running or was planning to integrate a bug bounty program into its QA practices. The bug bounty model is a valuable asset for companies to adopt, with a diversity of testers, a continuous stream of application testing and the ability to reveal critical vulnerabilities all ranked highly by CISOs.

Bug bounty adoption is at an all-time high, the report said.

The integration of a bug bounty program can multiply the number of eyes looking for vulnerabilities. The shallow nature of the cybersecurity talent pool means that there are not enough experienced security researchers to go around, which makes a crowdsourced alternative an attractive option. In addition, an outsourced QA department can give a company as close to 24/7 coverage as you can get.

Source: Bugcrowd, CISO Investment Blueprint For 2017

Bug Bounty Hunting Benefits Everybody

Naturally, a bug bounty hunter does not search for vulnerabilities for nothing.

TechCrunch reported that Google paid out over $3 million in bug bounties in 2016 as part of its long-running Vulnerability Rewards Program. According to the Google Security Blog, around 1,000 individual bounties were handed out, with one vulnerability earning the hunter $100,000. And that is just one of the many bug bounty programs being run in the private sector.

When you consider that malicious third parties are always looking for new targets, finding vulnerabilities before the bad guys do should always be a priority. A recent report by Austrian software company Tricentis said that $1.1 trillion in assets were impacted by software failures in 2016 alone, with the finger of blame falling upon security breaches among other things.

With that in mind, a crowdsourced security-testing program is a tried and (no pun intended) tested way to make sure that companies don’t leave themselves open.

“As they have continued to prove successful, bug bounty adoption has increased amongst enterprise organizations in 2016,” Bugcrowd said. “We expect this trend to continue in 2017 with emphasis on financial services, e-commerce, automotive, and technology organizations. The results-driven model and competitive nature of bug bounties drive success in the enterprise.”


Lead image: “Lady and the Peach” via Flickr by Onny Carr, Creative Commons, no changes made.