Rampant data breach growth is turning up the pressure on digital organizations – and they are answering the call. New data from Synack, the most trusted crowdsourced security testing platform, reveal that organizations are successfully ramping up their ability to scale their security in 2020 in order to prevent data breaches. Already, they are covering more ground, getting 20x more effective in their ability to cover their digital attack surface than traditional testing methods.
Here’s their secret: augmented intelligence, or augmenting human security talent with artificial intelligence. It’s become a well-known fact that while the creativity and critical thinking of human security talent is key to gaining an advantage over cyber attackers, it’s in short supply. The industry expects 3.5M cyber positions to be unfilled by 2021. While big numbers get thrown around about the hundreds of thousands of security experts available via bug bounty platforms, the reality is that the pool of top talent is quite narrow. For example, Google’s bug bounty program, one of the largest in the world, engaged only 317 experts of the “hundreds of thousands” in the world, meaning only 317 security researchers submitted reports of security vulnerabilities on Google that were valid and worthy of payment.
Compounding the talent problem is an uptick in development cadence and data. Development organizations are shipping new code multiple times a day, increasing the risk of vulnerabilities being introduced into the environment. Additionally, security organizations are receiving >10,000 alerts monthly (many of which are false positives) and managing 70+ vendors on average.
Organizations have to work smarter, not just harder – and they cannot scale through people alone. To scale their security defenses, thousands of organizations are leveraging the talent of a crowd of security researchers to augment their internal teams. And to augment the crowd, they are using artificial intelligence.
According to Synack’s data, organizations implementing this augmented approach to security can expect more of the following, relative to traditional methods:
- Coverage and Scale: While humans are ~2x more impactful at finding breach-worthy security vulnerabilities, an augmented combination of the best security talent in the world and AI-enabled technology results in 20x more effective in their ability to cover their digital attack surface.
- Efficiency: Humans can accelerate their time to evaluate the breach-worthiness of a vulnerability by at least 73% by using AI-enabled technology.
- Effective Remediation: Companies are able to find and close critical vulnerabilities 40% faster, reducing the vulnerability risk window.
“Across industries, organizations are turning to augmented intelligence for increased efficiency without sacrificing impact,” says Mark Kuhr, Co-Founder and CTO of Synack. “Security teams from organizations ranging from the Global 2000 to government agencies and high-growth companies are using this augmented approach today to scale their security testing and increase trust within their organizations and with customers.”
The data show that as organizations scale security and implement testing on a more continuous cadence, their organizations become more trusted. Earlier this year, Synack released their flagship report, the 2019 Trust Report, highlighting that organizations performing continuous security are over 40% more resistant to cyber attacks than organizations who rely on point-in-time security tests. This trust strengthens over time – organizations that have utilized an augmented approach to security testing for two or more years are up to 200% stronger against cyber attacks than they were in their first year.
Synack is releasing two reports today building on this dataset. The first, Trust at Scale, puts Synack’s 2019 Trust Report into practice by exploring how the most trusted organizations are scaling their trusted by brands by scaling their security operations. Synack’s complementary technical whitepaper, Optimizing Humans + Machines for Security Testing at Scale, walks through human-machine workflow engines that leverage augmented intelligence, and why AI will never be able to replace humans in security testing.
Synack, the most trusted crowdsourced security platform, delivers continuous and scalable penetration testing with actionable results. The company combines the world’s most skilled and trusted ethical hackers with AI-enabled technology to create an efficient and effective security solution. Headquartered in Silicon Valley with regional offices around the world, Synack protects leading global banks, federal agencies, DoD classified assets, and close to $1 trillion in Fortune 500 revenue. Synack was founded in 2013 by former US Department of Defense hackers Jay Kaplan, CEO, and Dr. Mark Kuhr, CTO. For more information, please visit www.synack.com.