Grey Hat Warning as UK Security Pros Consider the Dark Side
One in 13 UK cybersecurity professionals have admitted they also participate in black hat activities, according to new research from Malwarebytes.
The security vendor commissioned Osterman Research to poll 900 professionals in the US, UK Germany, Australia and Singapore to compile its latest study, White Hat, Black Hat and the Emergence of the Gray Hat: The True Costs of Cybercrime.
The UK stood out for three reasons. Its companies had the lowest average security budget of any globally, 97% of UK firms have fallen victim to a significant security threat over the past year, the highest of any country, and nearly 8% of respondents admitted to grey hat activity, versus a global average of 4.5%.
The study also revealed that 40% of UK security pros have known someone that has participated in black hat activity, 32% have been approached to take part and 21% have considered doing it.
The most popular reasons given for doing so were to earn more money (54%), the challenge that it offers (53%), retaliation against an employer (39%), philosophical reasons or some sort of cause (31%) and that it is not perceived as wrong (30%).
The financial challenge is likely to continue as the average security budget in the UK for a 2500-employee organization is set to grow by just 10% to £220,000 in 2018, according to the report. The largest chunk of this (17%) is apparently spent on remediation, with respondents claiming they’d spend on average more than £188,000 to remediate an incident.
"Companies need to assign more resources to their security budget, and that includes salaries for security researchers and other technicians. If an employee begins grumbling about pay, and if human resources are unresponsive to his or her requests, then organizations may be setting themselves up for a much larger financial loss down the line,” senior malware intelligence analyst, Jérôme Segura, told Infosecurity.
"Companies need to look for signs of individuals becoming unhappy or unfulfilled in their position and address them early on. Having regular dialogues between HR, managers and employees can help avoid more complicated situations at a later date.”
Segura added that tightening access controls can also help to mitigate the inside threat.
Source: Information Security Magazine