UPDATED 09:00 EDT / JANUARY 18 2022

SECURITY

Bugcrowd: Financial services companies saw 185% increases in serious attacks

Crowdsourced cybersecurity platform startup Bugcrowd Inc. today released a new report that spotlights the key cybersecurity trends of the past year.

The 2022 Priority One report covers the rise in the adoption of crowdsourced security thanks to the global shift to hybrid and remote work models and the rapid digital transformation associated with it. The report reveals that the strategic focus for many organizations across industries has shifted, emphasizing the clearing of residual security debt associated with that transformation.

Financial services companies on Bugcrowd’s platform experienced a 185% increase over the last 12 months in Priority One submissions, which refer to the most critical vulnerabilities. High-level trends included an increase in ransomware and the reimagining of supply chains, leading to more complex attack surfaces during the pandemic.

Ransomware overtook personal data breaches as the threat that dominated cybersecurity news worldwide in 2021, with global lockdowns and remote work causing a rush to put more assets online, which led to an increase in vulnerabilities.

Security buyers were found to have invested heavily during the year to incentivize ethical hackers to find critical threats. As a result, P1 bugs (those of the highest priority that need to be fixed immediately) and medium-priority P2 bugs made up 24% of all valid submissions for the year.

The report also notes a shift in Advanced Persistent Threats, which had previously been defined by highly advanced tactics and clandestine operations. That shifted in 2021, with more commonplace tactics such as so-called N-day exploits, which are attacks on known vulnerabilities, coming to the fore. Diplomatic norms around hacking have weakened to the point where nation-state attackers are now less concerned with being stealthy than they have been in the past.

“Significantly, we’ve seen a democratization of such threats due to an emerging ransomware economy and a continued blurring of lines between state actors and e-crime organizations,” Casey Ellis, founder and chief technology officer of Bugcrowd, said in a statement. “All of which, combined with growing and more lucrative attack surfaces, have made for a highly combustible environment. In 2022, we expect more of the same.”

Other key takeaways from the report include cross-site scripting becoming the most commonly identified vulnerability type. Sensitive data exposure also moved up to third place on the list of the top 10 most commonly identified vulnerability types. In addition, ransomware went mainstream, and governments responded. Supply chains became a primary attack surface as well. And penetration testing entered a renaissance.
