Numerous studies focus on aspects of cybercrime aftermath, such as a company’s lost reputation or its struggles to obtain future clients after incidents.
However, Malwarebytes commissioned Osterman Research to determine the direct costs of cybercrime associated with three areas: the costs of major event remediation, expenses for security budgets and cybercrime caused by so-called “gray hats.”
The rest of this piece reveals the growing prominence of gray hats and, primarily, how common it is for security professionals to be approached about black hat hacking.
The Three Main Types of Hackers
A gray hat is a type of hacker that probes a company’s products or networks for vulnerabilities. When the person finds some, they contact the company and typically expect a financial reward for their revelations.
Gray hat hackers keep their day jobs as security professionals but engage in their less publicized activities outside typical work hours.
There are also white hat hackers. Companies knowingly hire them to probe for vulnerabilities and find them before cybercriminals use them for damaging purposes.
Then, of course, there are the black hat hackers, who infiltrate systems solely for malicious purposes.
Worrying Conclusions About Black Hat Hacking
Worldwide statistics collected for this study indicate that 41 percent of respondents either know or have known someone who took part in black hat hacking.
Worse still, 12 percent of people polled admitted they’d personally considered taking the approach. Perhaps that’s because the temptation to do so is seemingly always there.
Overall, 22 percent of people reported being asked to perform black hat hacking.
Those kinds of opportunities presented themselves most often in the United Kingdom, where 21 percent of people said they were asked, and least often in the United States, where only eight percent of individuals were approached with such offers.
Possible Frustration From Workers at Mid-Sized Companies
Data from the study ordered by Malwarebytes showed that mid-sized organizations — those with 500-999 employees — are feeling the pinch of increasing security threats. The number of attacks they deal with is on the rise, but the number of employees on hand to deal with them and the available financial resources aren’t.
Some cybersecurity professionals ultimately decide it’s time to move on and find other organizations that devote more resources to keeping networks secure. Over 36 percent of people polled for Malwarebytes said they agree there is more earning potential in defending against cybercriminals as opposed to becoming one.
However, people could easily decide it’s worthwhile to do both, especially if trying to save extra cash before leaving an organization that doesn’t have adequate cybersecurity resources. If so, employees could put their workplaces at risk, especially if the black hat hacking exploits involve conflicts of interest or leaking confidential details to entities on the dark web.
Money May Not Be the Primary Motivator
The poll also highlighted how 49 percent of the professionals at mid-level companies suggested it’s possible to get into black hat hacking without getting caught. Plus, over 50 percent of global respondents from companies of all sizes said that the challenging aspect of the activity was a perceived reason to give black hat hacking a try.
So, if cybersecurity professionals don’t feel their employers adequately utilize their talents during their day jobs, they might look for excitement and engagement elsewhere.
Companies are also under threat if their current or former employees have grievances. Over 53 percent of the respondents in the United States who weighed in for the Malwarebytes survey identified employer retaliation as a reason to become black hat hackers.
A Common Perception of Gray Hat Hacking Activity
One surprising finding of the Malwarebytes study not related to black hat hacking was that people in the security industry suspect when their peers delve into the gray hat realm. It’s becoming more and more likely for people to think co-workers are hacking in this way.
The survey found that around the world, one out of 22 security professionals is perceived by their peers to act as a gray hat hacker, and that perception is even more likely in the United Kingdom.
This perception could be another reason these specialists decide to diversify their earnings through unauthorized activities. If people think the majority of their coworkers are already working as gray hat hackers, they probably won’t hesitate to do the same.
Additionally, once people are already working as gray hat hackers, making the transition to black hat hacking isn’t as hard.
Cybersecurity Professionals May Not Stay Loyal to Their Employers
This study shows that when cybersecurity professionals want to do more challenging work, need to earn money on the side or perceive that illegal hacking is common among their colleagues, they’re more likely to do it.
Other reasons exist too, but companies that want to discourage it should focus on their employees by not spreading them too thin or otherwise tempting them to secretly share their talents elsewhere.