The recent NCA report shows how easy it is for young people to slip down the path of cybercrime. The barrier to entry in the cyber crime market is at an all-time low with the tools needed to create new ransomware attacks available for free online. There are videos, tutorials, and blogs all detailing how to make money usually in the form of anonymous crypto currencies such as bitcoin.
The problem is that cyber crime is seen as low risk and high reward and with the faceless anonymity of a computer terminal it is all too easy for a moral compass to point in the wrong direction. The same teenagers who wouldn’t dream of burglary or kidnap will happily rob and extort victims online. The difference between right and wrong in 2017 can be a single digit in a command, this is a very fine line that is easily crossed.
If you talk to a lot of security professionals, myself included, you will find they were drawn into a career in security after dabbling with ways to break into systems, cheat in computer games or bypass some restriction. Many of us were fortunate that at the time there was far less connectivity and a lot less awareness so the impact was limited. However, young people today can easily be the cause of a multimillion pound data breach with serious legal and financial consequences.
I believe that ultimately this is an education problem, as the industry has simultaneously declared a skills shortage for security professionals and a rise in cyber crime. If the education system was setup to guide young people into information security and explain the pitfalls of computer misuse then we would all be in a better position. As a nation, we are very much behind the curve having only recently introduced programming and computing as core parts of the curriculum, even now students are often way ahead of schools and teachers in this respect.
The difference between a hacker and security professional is often who signs the pay check. The skills and motivations are often essentially the same. There is a lot of young cyber talent out there that we should be harnessing, not fighting against. There will always be some who turn to crime however as we have seen with the rise of hacktivism there is often a huge desire to do more than just commit a crime for personal benefit.
James Maude is the Lead Cyber Security Researcher at BeyondTrust’s Manchester, U.K., office. James has broad experience in security research, conducting in-depth analysis of malware and cyber threats to identify attack vectors and trends in the evolving security landscape. His background in forensic computing and active involvement in the security research community makes him an expert voice on cybersecurity. He regularly presents at international events and hosts webinars to discuss threats and defense strategies.