This post is part of our 2023 cybersecurity prediction series.
Shlomie Liberow, Head of Hacker Research & Development at HackerOne
Generation Z will be at the forefront of shaping cybersecurity and hacking culture.
I look at the community now and there are people as young as 15 or 16 getting more and more proficient at hacking. Last year, more than half of the hacking community was under 25 and I expect that percentage has increased. Some of the top hackers on the platform are just 17 years old — they’re good at it because they’ve grown up with technology. Imagine you’re a gamer and you find out that a gaming company is offering bounties. Since you’re already trying to find cheats in games, the opportunity to hunt for vulnerabilities in exchange for cash is enticing. This demographic influence means the community and culture will be built around what Generation Z cares about. Some hackers have joined the community indirectly because of gaming and we’ve seen younger hackers getting involved in more niche programs, including IoT, cloud security and hardware security testing, rather than classic website hacking.
Alex Rice, co-founder and CTO at HackerOne
Next year, leading organizations will establish transparency as a core quality metric for security teams.
Organizations with mature security programs will continue to build transparency into their disclosure practices as this becomes the norm moving forward. While 64% of organizations continue to maintain a culture of security through obscurity, we’ve seen this mentality slowly shift as regulators and leading organizations advocate for change. Transparency builds trust, which ultimately will serve as a competitive differentiator for companies that have a desire to level up their existing cybersecurity program.
Hackers and external code reviewers will become a more integrated part of the software development processes.
Hackers have such a broad, practical skillset and there’s an opportunity for them to get involved in some of the pre-production phases of taking software through the lifecycle. With over 70% of organizations claiming to adopt security reviews into their development processes, it is surprising to see that less than 25% of security issues are actually found during the development phase. As the value of DevSecOps increases, we’ll see the line between hackers and developers blurring as hackers with development expertise become a core element of the software development processes. There's a lot of value hackers can bring when it comes to catching security risks earlier rather than later.
Dane Sherrets, Solutions Architect at HackerOne
We'll see even larger bounty rewards become the norm in 2023 for ethical hackers in the Web3 space, as stakes continue to rise during the biggest year for cryptocurrency hacks on record.
From FTX's recent collapse to the numerous smart contract hacks we've seen this year (the most in one month, ever, this October), regulators and organizations alike have noticed cryptocurrency projects woefully lacking in security. A critical vulnerability in a Web3 project could mean a huge payout for a malicious actor and serious financial impact on thousands of people. It makes sense that rewards to hackers should match the damage of a potential breach when this much money is at stake. Coinbase is a great example of an organization that's already anticipating this shift: they recently paid a hacker $250 thousand for identifying a critical vulnerability. I expect we'll see even bigger rewards for Web3 vulnerabilities in the future.