June 25, 2019 (updated 01 Jul 2019 11:55am)

Humans beat automation when it comes to finding security vulnerabilities

By Lucy Ingham

Despite a proliferation of automated technologies in the cybersecurity space, humans are still more effective at rooting out security vulnerabilities, according to infosecurity professionals.

Research conducted by hacker-powered security platform HackerOne found that 53% of security professionals surveyed at Infosecurity Europe considered humans to be most effective.

However, some would prefer to put their trust in bots, with 27% seeing automated tools as the most effective solution – a statistic that was met with surprise by HackerOne.

“I’m actually surprised that there are still a large number of people who would put their trust solely into automated scanners,” said Laurie Mercer, a security engineer at HackerOne.

“The singularity is not here. Automation is no match for human intelligence.”

Security vulnerabilities remain a key cause of breaches

Despite human error remaining responsible for the vast majority of breaches, security vulnerabilities still account for a significant minority of incidents.

HackerOne’s survey found that 12% of organisations had been hit by a breach as a result of security vulnerabilities.

79% also saw such vulnerabilities as a key threat to their organisation – with 64% saying they would be willing to work with ethical hackers to find such issues.

91% also felt hackers should be rewarded for finding vulnerabilities – a common approach through bug bounty programmes – although 63% felt such rewards should only be made available when the hacker followed correct disclosure processes.

“We are all vulnerable, and we all suffer the consequences. Let’s help each other out,” said Mercer.

“There is a huge community of trustworthy people who are naturally talented at finding unpatched and unknown security vulnerabilities. The best way to prevent getting hacked is to try to get hacked by people you trust. Together, we can build a safer internet.”

