Most Orgs Would Take Security Bugs Over Ethical Hacking Help

A new survey suggests that security is becoming more important for enterprises, but they’re still falling back on old “security by obscurity” ways.

Enterprises are putting greater stock in cybersecurity, but outdated “security by obscurity” is still prevailing as companies wrestle with security awareness and shy away from bug-bounty programs.

That’s according to new survey data from HackerOne, which found that a full 65 percent of organizations surveyed claimed that they “want to be seen as infallible.” Nearly as many – 64 percent – said they practice a culture of security through obscurity, where secrecy is used as the primary method of protecting sensitive systems and assets.

Struggling with Security Awareness

When it comes to what’s actually happening on the ground inside organizations, 57 percent of respondents in the report – “The Corporate Security Trap: Shifting Security Culture from Secrecy to Transparency” – said that they struggle to create a culture of cybersecurity, and only 26 percent are “very confident” that staff are following security practices.

Worse, only 12 percent of departments outside of security and IT make cyber-awareness and training a core focus, according to the survey.

And that’s translating to trouble: About 63

Read More: https://threatpost.com/orgs-security-bugs-ethical-hacking-help/178862/