show image

Thousands of UK security researchers may be moonlighting as cyber criminals

Thousands of British cyber security professionals may be moonlighting as ‘black hat hackers’, according to a new report.

A survey of security workers in the UK, US, Germany, Singapore and Australia indicated that Brits were the most likely to engage in cyber crime.

The report, written by Osterman Research, revealed that as many as one in 13 cyber security professionals in the UK may have carried out illegal hacking. Around 58,000 people are employed in the industry in the UK, indicating that more than 4,500 British cyber security professionals are working illegally on the side.

Brits were more likely than average to have been approached for ‘black hat’ work, with one in three having been contracted and one in five having considered their offers. Those surveyed in the UK believe that 7.9 per cent of their colleagues have carried out illegal work.

Have you moonlighted as a ‘black hat hacker’? If you’d be willing to speak to us anonymously, please email: oscar.williams@newstatesman.co.uk. Signal and WhatsApp contact details are available on request.

The report, which was commissioned by Malwarebytes, also sheds light on what motivates cyber security professionals to carry out criminal work. Globally, 45 per cent think it is easy to carry out cyber crime without getting caught and more than half think it’s more lucrative than ‘white hat hacking’.

Nearly 40 per cent said that retaliating against an employer could be a motive, while nearly a third cited philosophical reasons, such as promoting a cause. Almost 30 per cent said some may not see illegal hacking as wrong.

Malwarebytes researcher Jerome Segura said “companies need to look for signs of individuals becoming unhappy or unfulfilled in their position” if they are to stop them from selling the skills they have honed at work on the dark web.

“Having regular dialogues between HR, managers and employees can help avoid more complicated situations down the line,” he added. “Money is also a huge factor. Companies need to assign more resources to their security budget, and that includes salaries for security researchers and other technicians.

“If an employee begins grumbling about pay, and if human resources are unresponsive to his or her requests, then organisations may be setting themselves up for a much larger financial loss down the line.”