Lure of cybercrime leads security professionals to become 'gray hats'
The attractions and profitability of the digital underworld are leading some security practitioners to become 'gray hats' and get involved in cybercrime according to a new report from Malwarebytes.
The study carried out by Osterman Research finds that in the UK as many as one in 13 security professionals are perceived to be gray hats. Globally, mid-sized organizations (those with 500 to 999 employees) are getting squeezed the hardest, and this is where the skills shortage, and the allure of becoming a gray hat, may be greatest.
In the US, security professionals believe that 7.9 percent of their fellow security professionals are gray hats. Underlining the depth of the problem is the fact that 21 percent of security professionals admit to considering participation in black hat activity, 32 percent have actually been approached about doing so, and 40 percent either know or have known someone who has taken part in this activity.
"A lot of these guys are age 17 to 25 and take the attitude, 'I don’t see a problem with this, or I need to make more money,' so they turn to black hat activity," says Adam Kujawa, director of malware intelligence at Malwarebytes. "There's also a perception that black hats earn more than white hats do. While this may be true for players at the very top, people lower down the organization don't make as much."
Among other findings are that most organizations in the UK have suffered some type of security breach during the 12 months preceding the survey. The most commonly experienced type of attack is from phishing, but other attacks that were experienced included adware/spyware, spearphishing and ransomware. Only three percent of organizations reported no attacks of which respondents were aware during the 12 months leading up to the survey.
Major attacks that would cause significant disruption to an organization's operations -- such as a major ransomware attack that disrupted normal operations or completely shut down an organization's computing infrastructure for a day more -- occur with alarming frequency. In the UK organizations experienced once such attack every six months during 2017.
You can read more about the results in the full report available from the Malwarebytes website.