We live in a technology-driven world, where information spreads like wildfire. However, this information can sometimes be very dangerous if it gets into wrong hands, while at other times it can be fairly valuable.
For instance, a cybercriminal gets their hands on a company’s sensitive financial information. What do you expect they would do with it? Of course, they would use it to fulfill their ulterior motives.
Now, let’s suppose that you obtain some terrifying insights about a terrorist group. What would you do with it? If you are loyal to your nation, you will hand over the details to the concerned authorities.
The second scenario hints at playing a role in saving the society from great harm. Plus, it is where you see the benefit of crowdsourcing. Combine it with cybersecurity, and you get a force that can curb cyber threats to a greater extent.
Crowdsourcing & Security
Crowdsourcing isn’t a new concept. It has been widely popular around the globe. In fact, security authorities have often put it into practice and the results were fairly fruitful.
One such popular case of crowdsourcing for security was the investigation of Boston Marathon Bombing. After the Twin bombing incident in Boston during a Marathon, the FBI asked the general public to assist them in the case by gathering and forwarding any evidence they came across.
Another great example of crowdsourcing is the Broward County Sheriff case. The sheriff solved a stolen goods case by asking his 10,000 Facebook fans to help with the case.
The Need of Crowdsourcing for Cybersecurity
Everyday a new malware is created somewhere in the world. In this era, cybersecurity presents the same level of threat as a terrorist attack. And more often than not, these cyber threats translate into doom for businesses around the globe.
According to recent statistics, it is predicted that the damages incurred by cybercrimes will skyrocket to $6 trillion annually by 2021. Different kinds of cyberattacks are being unleashed that are damaging corporate, healthcare centers and other sectors in their wake.
Who is going to curb the never-stopping cyberattacks? Cybersecurity experts, you say? Well, you will be surprised to know that the world currently faces a severe shortage of cybersecurity experts.
A 2016 skill gap analysis survey predicted that by 2019 there will be an international shortage of 2 million talented cybersecurity professionals.
These are all the more reasons to opt for crowdsourcing, people who can contribute their skills or intelligence for a greater good, i.e., stopping cyber threats.
Three Active Forms of Cybersecurity Crowdsourcing
We still have a long way to go when it comes to combining cybersecurity and crowdsourcing in their true sense. Nonetheless, the concept is still being implemented in many forms.
- Collaborating for a Specific Cause
Collaboration is carried out for different purposes such as for idea generation, creativity, productivity, etc. The method is implemented mostly in cases when there is a single objective. The same concept can be applied when it comes to cybersecurity. Cybersecurity specialists can join heads and using their collective cybersecurity acumen, they can fortify networks and fight threats.
Synack, a technology company, is a great example here. The company was founded in 2013 and thanks to a $7.5 million funding from tech giants, the company has been making waves in the cybersecurity world. The group is powered by a team of white hat hackers that are for hire by companies that want to ensure that their products don’t contain any security vulnerability.
- Sharing Intelligence
Intelligence sharing is yet another, effective form of crowdsourcing. Here, not only individuals but both government and private entities are encouraged to share their intelligence about any cybersecurity information, thereby stopping potential online threats. One of the huge benefits of intelligence sharing is that it fosters awareness.
One such example of intelligence sharing is that of the ThreatExchange platform. The group was started by Facebook to encourage users to share their information about security threats. Likewise, in December 2014, the US Army Research Lab shared a version of their “forensic analysis code”, Dshell, on the popular website, GitHub.
On sharing the code, ARL’s Network Security branch Chief, William Glodek said, “Dshell can help facilitate the transition of knowledge and understanding to our partners in academia and industry who face the same problems.”
- Offering Bounty-Based Collaboration
It is one of the most popular form of cybersecurity crowdsourcing which is being used by a great number of tech giants including Google, Apple and Microsoft, to name a few.
Companies allow security testers to find security vulnerabilities in a product in exchange for a reward. The security vulnerabilities are tested in a controlled environment, usually by a select group of expert testers.
There are many network security enterprises such as Global App Testing or Synack that offer vulnerability detection services.
Possible Concerns of Cybersecurity Crowdsourcing
Regardless of the many seemingly incredible benefits of cybersecurity crowdsourcing, some experts believe that there are many critical flaws in the idea.
For starters, a collaborative campaign in the field of cybersecurity may inadvertently let past cybercriminals or even terrorists. In an ideal situation, it is highly possible that a cybercriminal may gain access to a code shared by a cybersecurity expert, and reverse engineer it to cause mayhem on the internet.
Another apparent concern is that not everyone would willingly join hands with security agencies. After all, there have been many scandals that surfaced in the past about security agencies secretly running illegal surveillance or security breaches.
In a Nutshell…
Regardless of the drawbacks, there is no denying that there is a great potential in the combined power of cybersecurity and crowdsourcing. After all, by encouraging crowdsourcing, you are allowing a huge bunch of highly talented individuals and resourceful organizations to use the combined power of their intelligence, skills and resources to fight off cyber threats. A crowd can show a significantly higher efficiency level in fighting against cyber threats than a single entity does all by itself.