With nearly 3 billion people around the world called upon to confine themselves, companies have turned massively to telework to ensure the continuity of their activities during the coronavirus crisis. For some of them, the transition from the office to remote work was done in a rush, which is enough to undermine all of a company's cybersecurity protections.
The Rouen startup YesWeHack intends to capitalize on this risk. Launched in 2013, the platform claims the title of European leader in “bug bounty” (hunting for computer bugs in exchange for bonuses). The startup allows companies to test their IT systems by calling on its large community of cybersecurity researchers, known as “ethical hackers”. More than 15,000 ethical hackers, spread across 120 countries, are registered on the platform.
200 bugs reported last week
Not surprisingly, the 34-employee startup has seen its activity increase since the start of the coronavirus crisis. “More than 200 bugs were reported last week – twice as many as usual,” says Guillaume Vassault-Houliere, CEO and co-founder of YesWeHack. “However, the bugs detected are similar to those that are traditionally used: remote takeovers, session theft …”
“Many companies have launched business continuity plans in a rush. Often, this translates into a wide and rapid opening of IT systems to allow employees to work remotely,” continues the co-founder. “Consequence: information being more extensive, they find themselves more exposed and therefore more vulnerable to attack.”
And, with confinement in force, the hacker community is even more available on the YesWeHack platform.
Each client company determines its own specifications: the duration of the hack, the scope of action, the amount of the bonuses awarded … The programs can cover a website, a mobile application or even a connected object. The startup claims more than 300 customers in twenty countries, including BlaBlaCar, Dailymotion, Deezer, but also the Ministry of the Armed Forces. Banking, finance and insurance are among the sectors that are very widely covered.
Bonuses of 50 to 20,000 euros for hackers
The business model of YesWeHack is based on an annual subscription of “a few tens of thousands of euros”, which varies according to the size and needs of the customer.
“We allow companies to continuously test their IT systems to stay operational and secure – unlike a simple annual audit which, by definition, will be a one-off,” underlines Guillaume Vassault-Houliere.
YesWeHack also collects “variable commissions” from companies on the bonuses paid to hackers. The hackers receive rewards, which also vary depending on the bugs detected, ranging from 50 to 20,000 euros.
The startup, which does not disclose its turnover, is not yet profitable. It says only that it generated “several million euros” in revenue in 2019. Last February, the startup raised 4 million euros in order to expand internationally. After opening several offices in France (Rouen, Paris, Rennes), it has expanded to Switzerland, Singapore and Germany. To continue its growth, it plans to recruit fifteen employees by the end of the year.