Bugcrowd: Financial services firms saw 185% increase in severe attacks


Bugcrowd Inc., the outsourced cybersecurity platform startup, today released a new report that highlights the top cybersecurity trends of the past year.

The 2022 Priority One report covers the increased adoption of crowdsourced security driven by the global shift to hybrid and remote work models and the associated rapid digital transformation. The report reveals that the strategic focus of many organizations across industries has shifted toward clearing the residual security debt associated with this transformation.

Financial services companies on the Bugcrowd platform have seen a 185% increase over the past 12 months in Priority 1 submissions, which refer to the most critical vulnerabilities. High-level trends included an increase in ransomware and the reinvention of supply chains, leading to more complex attack surfaces during the pandemic.

Ransomware overtook personal data breaches as the threat that dominated cybersecurity news around the world in 2021, with global lockdowns and remote working causing a rush to bring more assets online, which has led to an increase in vulnerabilities.

Security buyers were found to have invested heavily over the year to encourage ethical hackers to find critical threats, causing P1 bugs, those of the highest priority that need to be fixed immediately, and P2 bugs, of medium priority, to represent 24% of all valid bug submissions for the year.

The report also notes a shift in advanced persistent threats, which were previously defined by highly advanced tactics and covert operations. This changed in 2021 as more common tactics, such as so-called N-day exploits (attacks against known vulnerabilities), came to the fore. Diplomatic standards regarding hacking have weakened to the point that nation-state attackers are now less concerned with being stealthy than they were in the past.

“Significantly, we have seen a democratization of these threats due to the emergence of a ransomware economy and a continued blurring of lines between state actors and cybercrime organizations,” said Casey Ellis, founder and chief technology officer of Bugcrowd, in a statement. “All of this, combined with growing and more lucrative attack surfaces, has created a highly combustible environment. In 2022, we expect more of the same.”

Among other key points in the report, cross-site scripting is becoming the most commonly identified type of vulnerability. Sensitive data exposure also rose to third place in the list of the 10 most commonly identified types of vulnerabilities. In addition, ransomware has gone mainstream and governments have responded. Supply chains have also become a primary attack surface, and penetration testing has entered a renaissance.
