Low Paid IT Professionals Twice As Likely To Moonlight As Cyber Criminals
Low salaries are being blamed for a rise in ‘grey hats’, cyber security professionals who also engage in hacking for financial rewards, claims report.
More than one in every 22 people working in a cybersecurity capacity are believed to be ‘grey hat’ criminals according to a report by Osterman Research in collaboration with Malwarebytes. The figure in the UK rises to one in 13 which is twice as many as some European countries.
According to the research the greater likelihood for UK professionals to engage in cyber crime is being attributed to low salaries, stating that some 32% had been approached to participate in black hat activities. The highest starting salary for an entry-level IT security professional in Australia came in the highest at nearly $95,000 per year, while the lowest salaries recorded in the report were in the UK and Germany, as low as $36,000 equivalent.
The attraction to moonlight as a grey hat is a strong one. Osterman Research believe that a key reason for becoming a black hat is that participants can earn more than they can as a security professional. Corroborating this finding is another study that showed the most lucrative cybercriminals can earn in excess of $166,000 per month, mid-range earners can make $75,000
per month, and that even at the low end of the earnings scale, cybercriminals can earn more than $3,500 per month.
“There are a number of reasons that security professionals see as reasons for becoming a black hat, but the most common reason cited in our research is the ability to earn more money than by working as a security professional,” said the report.
Nearly Every UK Business Affected By Security Incidents
The report also revealed that 97% of UK companies were affected by security incidents in the last 12 months. This was due to a number of coinciding factors said the report – blaming lower salaries, skills shortage across the cyber security spectrum, and insider threats on top of malicious outside attacks.
Marcin Kleczynski, Malwarebytes CEO, said he saw more instances of the malicious insider causing damage to company productivity, revenue, IP and reputation.
“We need to up-level the need for proper security financing to the executive and board level. This also means updating endpoint security solutions and hiring and rewarding the best and brightest security professionals who manage endpoint protection, detection and remediation solutions.” he added.