SIGN IN      

The best hack to secure a site? An actual hacker 

June 6, 2017

Digital Reporter

Cover art Erka Capili Inciong

Imagine allowing a legion of thieves into your house to investigate possible ways on how other thieves can barge in and steal from you. And then, you reward them for doing so.

That’s sort of how companies are being urged to protect their websites from possible cyber attacks.

The continuously growing number of people online has prompted companies to extend their operations to the digital space. Brick and mortar stores are now supported—or even replaced—by online counterparts or websites. Many people use Google to check certain products and even consult online review sites like Yelp before they shop. Some skip the traffic jam and mall chaos by purchasing products through online stores like Amazon and eBay. Banking and even travel bookings are now also done online.

But utilizing digital platforms imposes certain risks on the company and even on the consumers. One of which is vulnerability to computer hacking, which can result in the stealing of classified information.

So how can companies, especially startups, opting to maximize online platforms avoid this risk?

One of the emerging solutions to this perennial problem is called “The Bug Bounty” program. Alexis Lingad, CEO and founder of Cryptors Cybersecurity, Inc., calls it the “most effective way to secure a website.”

He leads a company that boasts of being the “first bug bounty platform in Southeast Asia.” At the age of 16, Mr. Lingad already worked in U.S.‑based company Garin Technologies, as a web security analyst. And in the Philippine Army, he was a cybersecurity researcher. He now conducts cybersecurity seminars as part of his company’s missions.

He explained that a bug bounty program is a deal where companies pay “ethical hackers” to find and report bugs and send recommendations to fix vulnerabilities on their websites as a precaution for potential attacks.

Technology giants like Facebook, Apple, Google, and Yahoo! have this kind of program. Pentagon, the headquarters of the U.S. Department of Defense, also launched the same program called “Hack the Pentagon” last year.

In a forum entitled “How to Secure Your Website” held last May 27 at Engine Stream Studio, Pasig City, Mr. Lingad shared with other tech geeks that many companies, especially startups, refuse to invest in cybersecurity measures because they think that they don’t have crucial information to protect yet. Often times, he added, owners believe that hackers won’t affect their businesses.

Art Erka Capili Inciong

But according to Mr. Lingad, “75% of tech startups in the world don’t know that they have been hacked already until they purchased a defense.”

“There are hackers who are so discreet. They won’t tell you if they’re already inside your website,” he said.

According to Mr. Lingad, simply using popular web security software like Cloudfare and SiteLock is not enough to secure a website because these software are “limited.” The company that produce them, he said, have their own bug bounty programs, too. “They can detect just the known threats, but what if there is a new threat?”

Cryptors Cybersecurity currently has more than 300 ethical hackers—“white hat” in internet slang—in its team. It has won in local and international hacking competitions, the most recent being the WTH Hackers Game 2017 where they bested a team led by Paul Biteng, the man who hacked the Commission on Elections’ website prior to the national elections last year.

Companies wanting to avail themselves of Cryptors’ services can choose from its subscription plans and launch their websites on the platform (www.cryptors.org) to enable the company’s hackers to do the process.

Cryptors offers three packages: a startup package worth ₱5 per hour (₱3,600 a month), business package that can be availed of for ₱20 per hour (₱14,400 monthly), and enterprise package worth ₱50 per hour (₱36,000 per month). Rewards for hackers range from ₱200 to ₱90,000 depending on the chosen package.

These rates, Mr. Lingad defended, are “relatively cheaper,“ compared to those of other bug bounty programs regulated by software providers, which cost at least ₱100,000.

“This platform uses hundreds and thousands of limitless bug bounty hunters that can formulate and create new malware and strategies to protect your organization,” he said.

“One of our visions is to make a more secured Philippine cyberspace because it is one of the country’s problems at present.“