Hackers who manage to infiltrate a company’s network and then tell them about it should be thanked and paid, according to Google’s cyber chief.
“It used to be that if you told an organization that you broke into their environment, they would typically respond with a legal cease and desist letter. They would stop you, put a gag order on you can’t tell anybody,” director of security for Google Apps Eran Feigenbaum said during a speech on Tuesday at the InfoSecurity conference in London.
“We’ve taken a different approach, where we actually thank people.”
Cybersecurity hit the headlines last year after a number of high-profile hacks on companies including Sony and eBay exposed weaknesses in the defences of even the world’s biggest organizations.
Data breaches are invariably financially damaging for businesses and are set to cost companies $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015, according to Juniper Research.
There has been a rise in recent years of so-called “white hat hackers” or ethical hackers – people who attack a firm’s systems in order to find security flaws.
This approach to cybersecurity has made some companies nervous and even led to legal cases against hackers who breached a firm’s networks. But Feigenbaum said this is the wrong approach.
Last year, Google had a $1.5 million pot of money that it distributed to people who found so-called “zero day vulnerabilities” in Google software, or flaws that the U.S. search giant didn’t know existed. This led them to establish a team of elite hackers dedicated to finding such security holes.
“You get a whole new set of eyes. Even with 450 security professionals looking and working on a regular basis to make sure our software’s secure, by working with the security community you get a whole extra bench, thinking of things that you may not have thought of,” Feigenbaum told CNBC after his keynote address.
“So encouraging them to do the right thing by treating them with respect, paying them, giving them acknowledgement is important.”
Google is not the only company to employ such tactics. United Airlines announced last month that it would offer up to a million air miles to hackers who can find security bugs in its network.