Cybersecurity experts are increasingly going astray and choosing the criminal side of the darknet, offering their services to cybercriminals. This puts businesses in a difficult position, forcing them to either cut profits in order to retain valuable personnel, or find ways to protect themselves from those who know their weaknesses best.
Layoffs and consolidation in the cybersphere increase the burden on remaining employees. At the same time, wage growth is stagnating, making criminal "freelancing" an increasingly attractive way to make ends meet, according to a new study by the Chartered Institute of Information Security (CIISec). The Institute examined ads for cyber services posted on the darknet.
The CIISec report provides a long list of suggestions, such as from an experienced Python developer who is willing to create chatbots for $30 an hour to buy gifts for children at Christmas. Another pro offers phishing pages, crypto drainers, and other hacking tools. Another highly skilled coder develops malware using AI, starting at $300 per hour.
"I was shocked and deeply concerned to see qualified professionals turning to cybercrime because of mass layoffs," said Devin Oertel, CISO of Menlo Security. — This marks a critical change in the industry, as well as an urgent need for new job openings and opportunities for continuous training of professionals."
Ertel believes that the reason for this alarming trend may be a surplus of talent and economic instability. Gartner predicts that by 2025, 25% of heads of information security firms will leave their posts due to stress. At the same time, despite the cuts in the cyber sector, which mainly affect marketing and sales, hundreds of thousands of security vacancies remain in the United States alone.
Cybersecurity expert and consultant Hal Pomorantz fears that a drop in morale in the industry could trigger a surge in insider attacks. "Instead of external threats, I would pay attention to internal ones," he says. - Mass layoffs in IT destroy employee morale and generate cynicism and contempt for management. I wonder how many of the remaining ones will be willing to betray their employers for a decent amount of money?"
The solution for many businesses, according to Gareth Lindahl-Weiss of CISO Ontinue, requires a better understanding of the roles they are seeking to fill and the selection of suitable candidates. "There is no doubt that there is a shortage of qualified and experienced specialists," he explains. — However, I would also point out some high expectations on the part of employers. Do you really need someone with many years of experience in a related field to perform a specific task?"
According to Patrick Thicke, vice president of Keeper Security, in addition to competitive remuneration, companies should offer clear career paths for ambitious employees, advanced training opportunities, and flexible work arrangements, including remote format, where applicable.
"Managers are struggling to attract the necessary cyber talent to protect their organizations, while having to balance the distribution of remote work forces, an increasing number of endpoints, and an ever-expanding threat landscape," he explains.
Finally, in addition to the tasks of hiring staff and eliminating staffing gaps, Sunil Muralidhar, Vice President of ColorTokens, encourages managers to prioritize psychological health and stress management in their teams. "Communication with professionals of various roles — from ordinary employees to managers and partners of the company — reveals the common problem of extremely high levels of stress," he notes.
According to Muralidhar, this is largely due to the disproportionate burden that cybersecurity units are forced to bear, protecting organizations with extremely limited resources.
Layoffs and consolidation in the cybersphere increase the burden on remaining employees. At the same time, wage growth is stagnating, making criminal "freelancing" an increasingly attractive way to make ends meet, according to a new study by the Chartered Institute of Information Security (CIISec). The Institute examined ads for cyber services posted on the darknet.
The CIISec report provides a long list of suggestions, such as from an experienced Python developer who is willing to create chatbots for $30 an hour to buy gifts for children at Christmas. Another pro offers phishing pages, crypto drainers, and other hacking tools. Another highly skilled coder develops malware using AI, starting at $300 per hour.
"I was shocked and deeply concerned to see qualified professionals turning to cybercrime because of mass layoffs," said Devin Oertel, CISO of Menlo Security. — This marks a critical change in the industry, as well as an urgent need for new job openings and opportunities for continuous training of professionals."
Ertel believes that the reason for this alarming trend may be a surplus of talent and economic instability. Gartner predicts that by 2025, 25% of heads of information security firms will leave their posts due to stress. At the same time, despite the cuts in the cyber sector, which mainly affect marketing and sales, hundreds of thousands of security vacancies remain in the United States alone.
Cybersecurity expert and consultant Hal Pomorantz fears that a drop in morale in the industry could trigger a surge in insider attacks. "Instead of external threats, I would pay attention to internal ones," he says. - Mass layoffs in IT destroy employee morale and generate cynicism and contempt for management. I wonder how many of the remaining ones will be willing to betray their employers for a decent amount of money?"
The solution for many businesses, according to Gareth Lindahl-Weiss of CISO Ontinue, requires a better understanding of the roles they are seeking to fill and the selection of suitable candidates. "There is no doubt that there is a shortage of qualified and experienced specialists," he explains. — However, I would also point out some high expectations on the part of employers. Do you really need someone with many years of experience in a related field to perform a specific task?"
According to Patrick Thicke, vice president of Keeper Security, in addition to competitive remuneration, companies should offer clear career paths for ambitious employees, advanced training opportunities, and flexible work arrangements, including remote format, where applicable.
"Managers are struggling to attract the necessary cyber talent to protect their organizations, while having to balance the distribution of remote work forces, an increasing number of endpoints, and an ever-expanding threat landscape," he explains.
Finally, in addition to the tasks of hiring staff and eliminating staffing gaps, Sunil Muralidhar, Vice President of ColorTokens, encourages managers to prioritize psychological health and stress management in their teams. "Communication with professionals of various roles — from ordinary employees to managers and partners of the company — reveals the common problem of extremely high levels of stress," he notes.
According to Muralidhar, this is largely due to the disproportionate burden that cybersecurity units are forced to bear, protecting organizations with extremely limited resources.
