IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores.  IBM X-Force ID:  249325.

CVE-2023-27863: IBM Spectrum Protect Plus Server information disclosure CVE-2023-27863 Vulnerability Report

IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system.  IBM X-Force ID:  247635.

CVE-2023-25927: IBM Security Verify Access denial of service CVE-2023-25927 Vulnerability Report

Black Hat Asia's NOC team gives a look inside what's really happening on the cyberfront during these events.

BLACK HAT ASIA – Singapore – When you're in an environment where the overwhelming majority of network traffic is classified as posing a severe cybersecurity threat, deciding what to be concerned about becomes not a needle in a haystack situation, but a needle in a needlestack problem.

That's the word this week at Black Hat Asia, where Neil Wyler, global lead of active threat assessments at IBM X-Force, and Bart Stump, senior systems engineer for NetWitness, took to the stage to give attendees a look inside the event's enterprise-grade network operations center (NOC). The duo oversaw the NOC's design and led the security team for the show, which ran from May 9-12. The multi-vendor network supported attendee Wi-Fi access; internal operations such as registration; the needs of business hall stands; and the communications requirements of technical trainings, briefings, keynotes, and vendor demonstrations.

"When we discuss the traffic, try to explain to others that at Black Hat it's bad all the time — all or most of the traffic is malicious," Wyler explained. "That sounds scary, but for this crowd that traffic is normal. There are people demoing attacks, there are red teams trainings going on, etc., and that means that we don't really block anything. We let that traffic fly because we don't want to take down a demo on stage or on the expo floor. Unless we see a direct attack on our infrastructure, say the registration system, we let it go."

So, in order to ferret out the actual bad, bad traffic, the NOC relies on a number of dashboards that allow a real-time view of everything flowing through the network, with the ability to capture stats on everything from device profiles to which cloud apps attendees are connecting to. It also captures raw packet data so NOC analysts can go back and rebuild sessions in the event something seems abnormally suspicious, to look at "every single thing someone is doing with every packet, in a way we can't using just logs," Wyler noted.

One of the more unusual dashboards put in place for the event offered a heat map of where Wi-Fi, Bluetooth, and even peer-to-peer wireless connections were being used, offering a quick look at where people were congregating and where there might be cyber issues afoot.

"It's an interesting perspective," explained Stump. "The bottom left corner of the map is actually the show floor, and after the business hall opened up, that got more red. You can see when breaks are happening and when they put the beverages out because people migrate. And overall, it's a quick visualization for us to see where potential issues might be coming from, where we should focus our attention."

    

_A heat map of where devices connected to the network._

In all, the NOC tracked 1,500 total unique devices connecting to the network across mobile phones, Internet of things (IoT) gear, and other endpoints, with DNS queries at their highest for the event since 2018. About three-quarters (72%) of that traffic was encrypted — a refreshingly high amount, the researchers noted. And interestingly, a domain called Hacking Clouds hosted the most user sessions — more even than the show's general Wi-Fi network for attendees.

In terms of the apps being used, TikTok made an appearance in the Top 10 for the first time, the team observed. Other top apps included Office 365 (no surprise there), Teams, Gmail, Facebook, and WhatsApp.

**Interesting NOC Happenings**

A few interesting incidents emerged from the data during the event, the duo noted. In one case, an individual was generating so much malicious activity that all of the NOC systems alerted at once.

"One particular person was so noisy that every NOC vendor partner saw their activity at the same time," Wyler said. "We're talking SQL injection on public-facing websites, WordPress compromises, lots and lots of scanning for vulnerabilities and open ports. It was like they learned something this week and went, 'Let me see if it works. I've heard about Log4j, let me see what's out there.' They took a training class and now they're spreading their wings and flying."

After the person moved from attacking restaurant chain websites to probing payment sites, it was clear the activity wasn't demo-related, so the team pinpointed the person and sent the individual a cease-and-desist email.

"We figured out they were sitting in the hallway looking out at the Bay, just attacking company after company after company," Wyler said. "We explained that it's still illegal to do what they're doing, so please discontinue attempting to execute vulnerabilities on public-facing websites. This is a violation of the Black Hat Code of Conduct and we will come find you if it doesn't stop — love, the NOC. They got that and everything stopped."

Other incidents involved VPN issues, including one that was transmitting the user's location information in clear text. The team captured the data, plugged it into Google Maps and generated a view of exactly where the person had been during the day.

    

_A VPN leak allowed the team to create a map of the user's location._

Yet another issue involved an endpoint detection and response (EDR) vendor that was sending all of the usage data it was collecting on the endpoints of its users in clear text back to its servers; one antivirus vendor was found sending unencrypted SMTP emails containing pricing quotes and other information in an unencrypted fashion, along with login credentials — allowing easy harvesting.

"An attacker could have pulled down quotes, changed quotes, gathered internal work information and customer information, definitely not good," said Stump. "It could be used to craft phishes or to manipulate pricing."

In all cases, the team worked with the problematic entities to resolve the issues. The NOC, quite simply, is on the case, according to Stump.

"People often say that at Black Hat, you shouldn't even get on the network because it's dangerous," said Stump. "But our goal is actually to leave attendees more secure than when they arrived. And that's why we do things like letting people know they're sending passwords in clear text, or when we see cryptomining activity, we'll alert them. We're committed to that."

'Very Noisy': For the Black Hat NOC, It's All Malicious Traffic All the Time

IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to.  IBM X-Force ID:  250585.

  

**Summary**

IBM API Connect has addressed the following improper access control vulnerability CVE-2023-28522.

**Vulnerability Details**

**CVEID:**   CVE-2023-28522  
**DESCRIPTION:**   IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to.  
CVSS Base score: 4.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250585 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

**Affected Products and Versions**

Affected Product(s)

Version(s)

API Connect

V10.x

**Remediation/Fixes**

Affected Product

Addressed in VRMF

Remediation/First Fix

IBM API Connect 

V10.0.0.0 - V10.0.5.1

V10.0.5.2

Addressed in IBM API Connect V10.0.5.2

IBM API Connect 

V10.0.1.4 - V10.0.1.9

V10.0.1.11

Addressed in IBM API Connect V10.0.1.11

The management server component is impacted.

Follow this link and find the appropriate package.

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

The vulnerability was reported to IBM by George Mathias.

**Change History**

22 Mar 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSMNED","label":"IBM API Connect"},"Component":"","Platform":\[{"code":"PF025","label":"Platform Independent"}\],"Version":"V10","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}\]

CVE-2023-28522: Security Bulletin: IBM API Connect is impacted by an improper access control vulnerability (CVE-2023-28522)

IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  250454.

CVE-2023-28520

IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  213966.

CVE-2021-39036


IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518.



  

**Summary**

If using the "satask downloadsoftware" command or the "Obtain the package directly" option in the GUI to update the system on IBM SAN Volume Controller, IBM Storwize and IBM FlashSystem products which run IBM Spectrum Virtualize software, the IBMid credentials used to authenticate to Fix Central may be exposed under certain circumstances while the download is in progress. \[CVE-2023-27870\]

**Vulnerability Details**

**CVEID:**   CVE-2023-27870  
**DESCRIPTION:**   IBM Spectrum Virtualize, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress.  
CVSS Base score: 5.9  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249518 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

**Affected Products and Versions**

Affected Product(s)

Version(s)

IBM Spectrum Virtualize

8.5

Note that this applies to all IBM SAN Volume Controller, IBM Storwize and IBM FlashSystem products which run IBM Spectrum Virtualize software.

**Remediation/Fixes**

IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000 and V5100, IBM Storwize V5000E, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud, IBM FlashSystem V9000, IBM FlashSystem 9500, IBM FlashSystem 9100 Family, IBM FlashSystem 9200, IBM FlashSystem 7300, IBM FlashSystem 7200, IBM FlashSystem 5200 and IBM FlashSystem 5000 to the following code levels or higher:

8.5.0.8

**Please ensure that you follow the steps described in "Workarounds and Mitigations" to apply the update.**

Latest IBM SAN Volume Controller Code  
Latest IBM Storwize V7000 Code  
Latest IBM Storwize V5000 and V5100 Code  
Latest IBM Storwize V5000E Code  
Latest IBM FlashSystem V9000 Code  
Latest IBM FlashSystem 9500 Code  
Latest IBM FlashSystem 9100 Family Code  
Latest IBM FlashSystem 9200 Code  
Latest IBM FlashSystem 7300 Code  
Latest IBM FlashSystem 7200 Code  
Latest IBM FlashSystem 5000 and 5200 Code  
Latest IBM Spectrum Virtualize Software  
Latest IBM Spectrum Virtualize for Public Cloud

**Workarounds and Mitigations**

Until you have applied the fix, a temporary alternative is available:

*   **Do not use the "Obtain the package directly" feature in the GUI (available in 8.5.4 and above) or the satask downloadsoftware command on the CLI.**
*   Navigate to the Fix Central website in a separate browser window, download the update package and then upload it in the GUI using the "Provide the package manually" option in the Update System panel (or simply "Update System" prior to 8.5.4).

**References**

Off

**Change History**

15 Mar 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"ST3FR7","label":"IBM Storwize V7000"},"Component":"","Platform":\[{"code":"PF004","label":"Appliance"}\],"Version":"8.5","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"STHGUL","label":"IBM Storwize V5000E"},"Component":"","Platform":\[{"code":"PF004","label":"Appliance"}\],"Version":"8.5","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}},{"Business Unit":{"code":"BU054","label":"Systems w\\/TPS"},"Product":{"code":"STKMQV","label":"IBM FlashSystem V9000"},"Component":"","Platform":\[{"code":"PF004","label":"Appliance"}\],"Version":"8.5","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}},{"Business Unit":{"code":"BU010","label":"Systems - Storage"},"Product":{"code":"SSV1DQD","label":"IBM FlashSystem 7300"},"Component":"","Platform":\[{"code":"PF004","label":"Appliance"}\],"Version":"8.5","Edition":""},{"Business Unit":{"code":"BU010","label":"Systems - Storage"},"Product":{"code":"SSVMX8","label":"IBM Spectrum Virtualize for Public Cloud"},"Component":"","Platform":\[{"code":"PF004","label":"Appliance"}\],"Version":"8.5","Edition":""},{"Business Unit":{"code":"BU010","label":"Systems - Storage"},"Product":{"code":"ST3FR3","label":"IBM FlashSystem 7200"},"Component":"","Platform":\[{"code":"PF004","label":"Appliance"}\],"Version":"8.5","Edition":""},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"STPVGU","label":"SAN Volume Controller"},"Component":"","Platform":\[{"code":"PF004","label":"Appliance"}\],"Version":"8.5","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"STHGUJ","label":"IBM Storwize V5000"},"Component":"","Platform":\[{"code":"PF004","label":"Appliance"}\],"Version":"8.5","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"ST3FS7","label":"IBM Spectrum Virtualize Software for FlashSystem 9150 and 9200 Software V8"},"Component":"","Platform":\[{"code":"PF004","label":"Appliance"}\],"Version":"8.5","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"STSLR9","label":"IBM FlashSystem 9x00"},"Component":"","Platform":\[{"code":"PF004","label":"Appliance"}\],"Version":"8.5","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}},{"Business Unit":{"code":"BU010","label":"Systems - Storage"},"Product":{"code":"STVLF4","label":"IBM Spectrum Virtualize as Software Only"},"Component":"","Platform":\[{"code":"PF004","label":"Appliance"}\],"Version":"8.5","Edition":""},{"Business Unit":{"code":"BU010","label":"Systems - Storage"},"Product":{"code":"SSRFRYE","label":"IBM FlashSystem 9500"},"Component":"","Platform":\[{"code":"PF004","label":"Appliance"}\],"Version":"8.5","Edition":""},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"ST3FR9","label":"IBM FlashSystem 5x00"},"Component":"","Platform":\[{"code":"PF004","label":"Appliance"}\],"Version":"8.5","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}\]

CVE-2023-27870: IBMid credentials may be exposed when directly downloading code onto IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Spectrum Virtualize products [CVE-2023-27870]

CVE-2023-27870


IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185.



**Security Bulletin**

  

**Summary**

IBM WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability. This has been addressed in the remediation section.

**Vulnerability Details**

**CVEID:**   CVE-2023-27554  
**DESCRIPTION:**   IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185.  
CVSS Base score: 6.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249185 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:L)

**Affected Products and Versions**

Affected Product(s)

Version(s)

IBM WebSphere Application Server

9.0

IBM WebSphere Application Server

8.5

**Remediation/Fixes**

 IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the APAR PH53252.

**For IBM WebSphere Application Server traditional:**

**For V9.0.0.0 through 9.0.5.15:**  
· Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH53252  
\--OR--  
· Apply Fix Pack 9.0.5.16 or later (targeted availability 2Q2023). 

**For V8.5.0.0 through 8.5.5.23:**  
· Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH53252  
\--OR--  
· Apply Fix Pack 8.5.5.24 or later (targeted availability 3Q2023). 

Additional interim fixes may be available and linked off the interim fix download page.

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

**Change History**

10 May 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\\/OS"}\],"Version":"9.0,8.5","Edition":"Advanced,Base,Developer,Enterprise,Express,Network Deployment,Single Server","Line of Business":{"code":"LOB45","label":"Automation"}}\]

CVE-2023-27554: IBM WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2023-27554)

Supplementing staff by hiring hackers to seek holes in a company's defense makes economic sense in a downturn. Could they be cybersecurity's unlikely heroes in a recession?

For 30 years, Silicon Valley Bank (SVB) helped technology clients transform the region, and the world, growing to hold more than $200 billion in total assets and $175 billion in deposits. And then — spectacularly, and seemingly overnight — collapsing. While the Federal Reserve's bailout might have helped to staunch the bleeding for now, those who witnessed the events of early March firsthand will not forget what those first few frantic, uncertain days were like. The psyches of the investor class and tech sector may not recover for some time to come.

This could manifest as skittishness among the investor class, impacting tech of all focuses, but I'm particularly concerned about cybersecurity startups. A downturn in cybersecurity funding threatens not just the sector itself, but all who rely on cybersecurity innovation to keep threat actors at bay.

A recent article makes interrelated points to this effect. One: SVB has long been central to the banking needs of the cybersecurity community in the US and abroad, with public reports that roughly 500 cybersecurity vendors banked with them. Two: investors spooked by the collapse of SVB will likely be "re-evaluating practices" in the short term. Already, cybersecurity funding in 2023 had dipped to 2020 numbers. The collapse of SVB serves to intensify that trend.

One approach that has helped organizations shore up their defenses and continue innovating since the heyday of investment will be critical in this tumultuous time. Ethical hackers have always been one of the best solutions to rising rates of cybercrime. These hackers replicate the strategies of bad actors to penetrate systems and inform organizations about vulnerabilities. At this precarious economic moment, with funding collapsing and companies slashing security budgets, they're an especially viable alternative.

A downturn in funding for innovative solutions such as hackers against a perpetually intensifying cyberthreat landscape could be disastrous for both private and federal security needs. But, before explaining exactly why hackers are so important, it's worth sketching out our current threat and economic landscape in greater detail.

**Cybercrime and the Economy**

There's no shortage of statistics illustrating the challenging state of our current cybersecurity landscape. One report says cyberattacks on industrial firms increased by 87% in 2022. Meanwhile, another report shows cyberattacks against governments jumped by 95% in the second half of 2022. According to another study, the global cyberattack volume surged by 38% last year. The financial impact is significant; according to IBM, the average total cost of a data breach has risen to $4.35 million.

In many IT departments, keeping on top of their attack surface is an ongoing, hour-to-hour struggle.

The looming economic downturn will make these problems worse. Economic turbulence and spikes in cybercrime go hand in hand. In the aftermath of the 2009 recession, cybercrime rose an average of 40% over the following two years. It was clear again when Interpol and others noted a surge in cybercrime during the COVID-19 pandemic.

In other words: Economic turbulence means less investment in cybersecurity _and_ a surge in cybercrime. Put simply, it's a recipe for disaster.

**Why Hackers Are the Answer**

You can see why reduced funding for cybersecurity startups is a major problem. Any reduction in funding will be compounded by yet _another_ problem: individual companies cutting back on cybersecurity spending.

I believe that hackers represent the most viable solution to mounting budget concerns. It's not just that hackers are as inventive as the criminals they're trying to combat — prone to exactly the kind of left-of-field, unconventional thinking that routinely allows criminals to infiltrate well-fortified organizations. It's that — in a word — they're _affordable_. And what could matter more in times of economic stress?

Companies can access a diverse range of expertise and knowledge by using hackers, who bring a different mindset to your system's defenses and let you know quickly where your vulnerabilities are and how you might remediate them. Many organizations now routinely incentivize hackers to bring vulnerabilities to their attention through vulnerability reward programs such as bug bounty. That being said, such programs aren't meant to replace your very important cybersecurity teams. They're meant to supplement them, reduce internal burnout, and overall make your organization more successful.

Hackers have been largely mainstreamed by now, but a not-insignificant number of organizations remain resistant to the concept, on the logic that inviting hackers of any kind or motivation into one's internal systems may prove risky. But this is an outdated way of thinking. For proof, look no further than the US government, which is not usually known to take radical risks in the cybersecurity department. And yet: in 2017, the Department of Defense (DoD) launched Hack the Pentagon, and since then, hackers have alerted the DoD to more than 45,000 vulnerabilities. The US isn't alone in this: Insights generated by hackers are now a routine part of government security in countries all over the world, including Singapore and the UK.

A few years from now, we'll have a clearer picture of how precisely the collapse of SVB impacted the tech sector and the larger economy. In the here and now, though, all organizations need to stay on high alert. It would be a shame to weather an economic downturn just to lose it all from a major breach. The latter scenario, at least, is preventable — and hackers can help.

Tag

#ibm