Cybersecurity Professionals Enticed By The Dark Side

One in every 13 cybersecurity professionals is considered to be a ‘grey hat’ by their colleagues, while 20 percent have considered becoming black hats.

The findings were released in a report published today by IT security company Malwarebytes.

The report also found that an organisation in the United Kingdom with 2,500 employees should expect to pay more than £821,000 per year in cybersecurity-related costs.

In cybersecurity terminology, a black hat is a hacker with malicious intent; black hats are responsible for ransomware and cyber breaches. White hats, by contrast, are cyber professionals who use their hacking skills to help companies identify vulnerabilities within their security systems.

A grey hat is considered to be a blend of the two. They will probe a cybersecurity system for vulnerabilities without permission. Upon discovering a weak link, they will report it to the company, often expecting a fee in return; a black hat, by contrast, would exploit it in a malicious manner.

Seduced by the Dark Side

In their report, Malwarebytes found that: “Fifty-four percent of those we surveyed in the UK believe that a motivating factor for becoming a black hat is the opportunity to earn more money than as a security professional.”

A report by virtualization-based security specialist Bromium found that: “High-earning cybercriminals can make $166,000+ per month.”

Speaking to Computer Business Review, Jerome Segura, Senior Malware Analyst at Malwarebytes, told us: “Companies need to look for signs of individuals becoming unhappy or unfulfilled in their position and address them early on.”

“Having regular dialogues between HR, managers and employees can help avoid more complicated situations down the line.”

“Money is also a huge factor. Companies need to assign more resources to their security budget, and that includes salaries for security researchers and other technicians.”

“If an employee begins grumbling about pay, and if human resources are unresponsive to his or her requests, then organisations may be setting themselves up for a much larger financial loss down the line,” he added.

Smörgåsbord of Threats

In their survey, Malwarebytes found that 97 percent of UK organisations queried reported that they had either been probed or fallen victim to a cyberattack in the last year.

The most common form of attack reported was phishing, which accounts for 57 percent of reported attacks.

Adware/spyware and spearphishing, a more direct form of phishing that often includes personal details to give the malicious content an authentic look, come in at second and third most reported.

Ransomware is the fourth most common according to the report and it is considered to be the most serious risk to an IT infrastructure.

30 percent of businesses consider it to be a very serious form of cyberattack and one that has to be mediated with haste.

When asked about the possibility of black hats situating themselves inside companies to gain access to their systems, Jerome Segura of Malwarebytes added: “The insider threat can take different shapes and forms. Usually, disgruntled employees are the most common type, but we cannot exclude more insidious actors infiltrating a company with nefarious goals in mind.”

“Proper access control ensures that individuals turning rogue have only limited access to the company’s most important resources,” he noted.

Computer Business Review:
