How the Threat Landscape Is EvolvingBugcrowd CTO Casey Ellis Talks Log4j, Ransomware, Open-Source Software and More
The cybersecurity industry continues to face a seemingly endless list of challenges. Lately, supply chain risks, including flaws uncovered in open-source software such as Log4j, have led to frantic and ongoing attempts to identify, mitigate and one day fully patch all affected tools, says Casey Ellis, CTO and founder of Bugcrowd.
The rapid shift to remote work during the pandemic and embrace of digital transformation and zero trust have also left everyone scrambling to belatedly make sure that everything has been rolled out in a secure, locked-down manner.
"There's a lot more effort going into - potentially on the bad guy side, as well as the good guy side - figuring out what's vulnerable, and how to exploit it," he says.
Criminals are "economically rational," he says. "People think about malicious attackers like this sort of ephemeral force; it's a business. … They're just trying to be as effective as they can, and they'll use whatever's put in front of them."
In a video interview with Information Security Media Group, recorded at the UKI Cybersecurity Summit in London, Ellis discusses:
- The evolving threat landscape and expected trends for 2022;
- The importance of adopting a risk-based approach;
- The growth of crowdsourced security and how it works.
Ellis is the founder, chairman and CTO of Bugcrowd. He is an 18-year veteran of information security, servicing clients ranging from startups to multinational corporations as a pen tester, security and risk consultant and solutions architect, and most recently as a career entrepreneur. Ellis pioneered the "crowdsourced security as a service" model, launching the first bug bounty programs on the Bugcrowd platform in 2012, and co-founded the disclose.io vulnerability disclosure standardization project in 2016.