Cybersecurity professionals find it more interesting to take their talents to the Dark Web and earn money working on the offensive side of cybercrime. This puts businesses in a difficult position: cutting profit growth to prevent cybersecurity expertise from getting to the highest bidder, or figuring out how to defend their networks from those who know their weaknesses most intimately.
Layoffs and consolidation across the IT industry are increasing pressure on remaining workers at the same time that wage growth has stalled, making side work in cybercrime an increasingly attractive way for IT professionals to make ends meet, according to a new study by the Chartered Institute of Information Security (CIISec), which analyzed Dark Web ads for cybercriminal services provided by professionals with day jobs in cybersecurity.
The CIISec report found a number of offers on Dark Web sites, including a professional Python developer who allegedly created chatbots for $30 an hour to earn extra money for Christmas presents for his children. Another experienced developer will build phishing pages, cryptocurrency drainers and more, while yet another will use artificial intelligence to help with coding, starting at $300 an hour, CIISec reported.
IT professionals are turning to cybercrime – an alarming new trend
This alarming trend marks a whole new era in cybersecurity, according to Devin Ertel, CISO at Menlo Security.
“I am shocked and disturbed to see skilled professionals engaging in cybercrime amidst mass layoffs,” Ertel says. “This marks a significant change, reflecting the urgent need for both employment and continuing training in the sector.”
Ertel points to a surplus of IT talent and economic uncertainty as potential drivers of the “unfortunate trend.”
Gartner predicts that by 2025, 25% of cybersecurity leaders will step down from their roles due to stress. And despite layoffs in the cybersecurity sector, which have largely focused on non-technical roles in marketing, sales and administration, there are still hundreds of thousands of open jobs in the US cybersecurity industry alone.
Cybersecurity morale could favor insider threats
This puts even more pressure on the remaining teams, lowering morale across the industry, which cybersecurity expert and consultant Hal Pomeranz fears could also lead to a spike in insider threats.
“Instead of worrying about external threats, I would watch out for internal attacks,” Pomeranz says. “Mass layoffs in the tech industry destroy employee morale and fuel cynicism and contempt for management. I wonder how many of the remaining employees would feel comfortable selling out their employers if the price was right?”
The solution for many companies requires a better understanding of the roles they are trying to fill and matching them with the right employees, says Gareth Lindahl-Wise, CISO at Ontinue.
Cyber must adapt to close the skills gap
“There is undoubtedly a shortage of qualified and experienced IT professionals,” explains Lindahl-Wise. “However, I would be blunt in saying that there is some misguided expectation on the part of the buyer. Do you really need someone with X years of experience in a security field tangential to the job you want them to do?”
Once hired, cybersecurity talent should have additional professional development opportunities and a career path, advises Patrick Tiquet, vice president of security and architecture at Keeper Security.
“Business leaders are faced with the challenge of sourcing the necessary cybersecurity talent to keep their organizations safe while balancing distributed remote workforces and a growing number of endpoints with an ever-expanding threat landscape,” explains Tiquet. “In addition to competitive pay, organizations must provide clear career paths for those who wish to advance, professional development opportunities and flexible working arrangements that allow for remote working when possible.”
In addition to recruiting, hiring and closing the cybersecurity skills gap, ColorTokens Vice President Sunil Muralidhar urges managers to focus on mental health and stress management among their cybersecurity teams.
“Working with security professionals in different roles, from professionals to executives to partners, reveals a common thread of high stress levels among them,” says Muralidhar. “This is largely due to the disproportionate burden that security bears in safeguarding the organization with significantly limited resources.”