READY, SET, HACK! Decathlon Technology organized its first live bug bounty at the International Cybersecurity Forum

Adina Edme
Published in Decathlon Digital
3 min read · Oct 12, 2022

Security of our digital assets is a priority for Decathlon, and the stakes are high for the communications team.

Faced with the increasing number and sophistication of cyber attacks, Decathlon works constantly to maintain a high level of security and to counter malicious actions and threats.

#Cybersecurity is a highly strategic part of the Decathlon value chain, and the stakes are high for the #communications team. It is our job to run campaigns to ensure 100,000 Decathlon teammates worldwide across 60 countries are aware of #cybersecurity threats and how to deal with them.

We also organize events to enable our cybersecurity experts to train their muscles and learn how to react to new, more sophisticated threats.

The 2022 edition of the International #Cybersecurity Forum (FIC) took place in Lille, France, from the 7th to the 9th of June, bringing together experts from the digital security field. For the occasion, our communications team spearheaded Decathlon’s first Live Bug Bounty in partnership with the platform YesWeHack.

Cyber risk is a major issue for companies, whatever their sector of activity or size, and is the subject of strong strategic consideration. This is all the more important when you consider that the average cost of a cyber attack is around 8.6 million euros.

The risk only heightens the more your brand is known. The Decathlon brand is present in 60 countries, addressing the needs of 500 million users of its products and services and a community of more than 190 million members.

Since Decathlon is a major digital player, we enjoy high visibility but, at the same time, face great exposure to cyber risks.

Our cybersecurity teams deploy numerous resources and tools to ensure the security of the company’s activities across the countries in which it operates. In order to remain at the cutting edge of innovations, we have been participating in a private bug bounty program for a year on the YesWeHack platform.

A bug bounty is a reward offered to a person who identifies an error or vulnerability in a computer program or system.

The program allows our Product and Cybersecurity teams to benefit from continuous security testing and to mobilize the talents of a pool of ethical hackers over long periods of time, rather than only through ‘pen tests’ that concentrate work and attention into short periods of a few days.

Beyond these tests, our team works every day to deliver value and trust to Decathlon customers.

However, the communications team wanted to introduce a new concept: the live bug bounty. This is a unique and invaluable opportunity for corporate security teams to ensure we stay up-to-date with the latest threats.

This event was a key new step in terms of putting our #tech team to the test. For two days during the FIC event, the Decathlon Technology cybersecurity experts were put to the test by ‘hunters’ during a real-time bug bounty that awarded the ‘best in class’ with bonuses calculated according to the severity of the flaws found.

Decathlon Technology’s cybersecurity experts were able to exchange with hunters, enabling our team to better understand how these profiles think and how they work around vulnerabilities. This, in turn, enables them to improve our security measures and strengthen our security posture.

On the other hand, it’s an easy way for hackers to put questions live to Decathlon program managers, get more information about the programs and delve even further into their search for bugs. Hackers may collaborate with each other to pool their skills and expertise and go further in the hunt for new vulnerabilities and exploitations.

A Bug Bounty is challenging for us and it engages us. When hunters detect a vulnerability, they submit a report. And when this vulnerability is critical, we give ourselves a constrained deadline to correct it. This responsiveness is essential to our commitments. It allows us to maintain the high level of requirements that characterizes us at Decathlon and that keeps both the attackers and our teams motivated.

A huge thanks to the YesWeHack team for helping to make this event happen and the more than 50 hackers that attended… A special shout out to the bug bounty winners Zax, Hisxo and Carl Johnson!


Interested in joining the Decathlon Technology team? Check out all of our career opportunities here.

Adina Edme
Decathlon Digital

Head of communications: Information Technology & Digital, internal/external, brand strategy,