One in every 13 cybersecurity professionals is considered to be a ‘grey hat’ by their colleagues, while 20 percent have considered becoming black hats.
The findings were released in a report published today by IT security company Malwarebytes.
The report also found that an organisation in the United Kingdom with 2,500 employees should expect to pay more than £821,000 per year in cybersecurity-related costs.
In cybersecurity terminology, a black hat is a hacker with malicious intent; black hats are responsible for ransomware and cyber breaches. White hats, by contrast, are cyber professionals who use their hacking skills to help companies identify vulnerabilities within their security systems.
A grey hat is considered to be a blend of the two. They will probe cybersecurity systems for vulnerabilities without permission. Upon discovering a weak link, they will report it to the company, often expecting a fee in return; a black hat, by contrast, would exploit it in a malicious manner.
Seduced by the Dark Side
In their report, Malwarebytes found that: “Fifty-four percent of those we surveyed in the UK believe that a motivating factor for becoming a black hat is the opportunity to earn more money than as a security professional.”
A report by virtualization-based security specialist Bromium found that: “High-earning cybercriminals can make $166,000+ per month.”
Speaking to Computer Business Review, Jerome Segura, Senior Malware Analyst at Malwarebytes, told us: “Companies need to look for signs of individuals becoming unhappy or unfulfilled in their position and address them early on.”
“Having regular dialogues between HR, managers and employees can help avoid more complicated situations down the line.”
“Money is also a huge factor. Companies need to assign more resources to their security budget, and that includes salaries for security researchers and other technicians.”
“If an employee begins grumbling about pay, and if human resources are unresponsive to his or her requests, then organisations may be setting themselves up for a much larger financial loss down the line,” he added.
Smörgåsbord of Threats
In their survey, Malwarebytes found that 97 percent of UK organisations queried reported that they had either been probed or fallen victim to a cyberattack in the last year.
The most common form of attack reported was phishing, which accounts for 57 percent of reported attacks.
Adware/spyware and spearphishing, a more direct form of phishing that often includes personal details to give the malicious content an authentic look, come in as the second and third most reported.
Ransomware is the fourth most common, according to the report, and it is considered to be the most serious risk to an IT infrastructure.
Thirty percent of businesses consider it to be a very serious form of cyberattack and one that has to be remediated with haste.
When asked about the possibility of black hats situating themselves inside companies to gain access to their systems, Jerome Segura of Malwarebytes added: “The insider threat can take different shapes and forms. Usually, disgruntled employees are the most common type, but we cannot exclude more insidious actors infiltrating a company with nefarious goals in mind.”
“Proper access control ensures that individuals turning rogue have only limited access to the company’s most important resources,” he noted.