“It is impossible to postpone cyber protection until later” – Kommersant FM

Kommersant FM columnist Alexander Levi talks about how the company intends to involve “white hat hackers” in detecting vulnerabilities in smart devices.

Organization of cybersecurity in companies, especially in the IT sector, often involves bug bounty programs: so-called white hackers are offered to find vulnerabilities in a system or product in exchange for a reward.

The range of potential threats, as well as payments for identifying them, is quite wide. For example, Apple, depending on the category of vulnerability and its possible impact, is ready to fork out an amount from $500 to $2 million. At Google, the starting cash prize is similar, but the maximum motivation is limited to $1 million. At the Meta corporation, recognized as an extremist and banned in Russia, the budget even more modest: the amount of awards varies from $500 to $300 thousand.

Cisco, Microsoft, eBay, Mozilla and other large companies regularly conduct their own bug bounty. In Russia, the activities of “white hackers” are not yet regulated by law, and even law enforcement agencies opposed its legalization. At the same time, it is impossible to postpone cyber protection until later, so domestic companies are conducting programs to identify vulnerabilities and opening corresponding new sites.

So, in Yandex (MOEX: YNDX) announced an increase in the maximum reward for Bug Hunt participants. The amount increased from 600 thousand rubles. up to 1 million rubles for vulnerabilities in smart devices. The measure should attract more “white hat hackers,” the organizers are sure.

The prize fund, of course, is still orders of magnitude smaller than foreign ones. But if you look at its one-time increase of 2/3 of the previous amount, then the plan may work. Moreover, with the growing popularity of smart devices, the level of criticality of their vulnerabilities also increases noticeably. To the previous devices in the current program, “Duo Max Station”, “Midi” and “TV Station” have been added.

“Bug hunting” is just one element of the Yandex security program. In 2023, the company invested more than 6 billion rubles in digital protection, and this amount is twice as much as in 2022.