Japan has beefed up its efforts to stop cyber attacks on its companies. To achieve this, the country is investing heavily in ‘white-hat’ hackers whose job is detecting any security breaches from ‘black-hat’ hackers.
For purposes of motivation, some firms such as Cubozu Inc introduced a program to pay the ‘white-hat’ hackers for every vulnerability found in their systems. This payment amount is called a bug bounty. Colleges run by the state have also joined the fray in making students better white-hat hackers. To do this, they now organize bug-hunting contests among their students to train them on identifying the vulnerabilities.
For Cybozu Inc, which is based in Tokyo, each vulnerability found is paid for at least 500,000 yen. According to an official at the company, Akitsugu Ito, last year alone the white-hat hackers identified 370 system weaknesses. The payments made totaled to about 15.6 million yen. According to Ito, security experts from outside the firm are better at detecting the system vulnerabilities. The bugs found, for example, had been missed by the firm’s internal security checks.
The same has been done by Line Corp to beef up its security systems. Line Corp operates a free messaging app that is very popular among Japanese users.
To make things better for everyone, Sprout Inc, a firm with deep security expertise, made it easier to find white-hat hackers. Sprout finds white-hat hackers from around the world then links them with firms in need of their services. The program was launched in 2016 and the hackers are paid through Sprout for each security vulnerability identified.
To this moment, Sprout Inc has signed up at least 10 contract firms among them Avex Group Holdings Inc and Pixiv Inc. Avex is in the entertainment business while Pixiv is for artists. The number of white-hat hackers on Sprout’s payroll totals 430 and have earned at least 3.9 million yen so far. This shows just how far companies are willing to go to remain secure.
At Chiba University, a hackers’ contest attracted an impressive 50 student entrants. According to the Vice President of the university Tetsuya Ishii, the contest is meant to identify those with good hacking skills. They are to play major roles to the security of the future in major firms. Although no cash rewards were offered, the entrants would receive handsome non-cash rewards. It was the first time any a university was invested in finding security vulnerabilities through hacking efforts.
On the other side of the Pacific Ocean, firms such as Microsoft and Google have been known to hold hacking sessions to find vulnerabilities in their security systems. Apple, the maker of the iPhone, recently joined the hacking side with handsome perks for those who identified the bugs.
This method of making systems secure through hacking is gaining ground all over the world with great results. Rather than waiting for the back to happen, why not hack the system now?