Black hat hackers are responsible for writing malware, which is a method used to gain access to these systems. They usually have extensive knowledge about breaking into computer networks and bypassing security protocols. Their primary motivation is usually for personal or financial gain, but they can also be involved in cyber espionage, protest or perhaps are just addicted to the thrill of cybercrime.
White hat hackers employ the same methods of hacking as black hats, with one exception- they do it with permission from the owner of the system first, which makes the process completely legal. White hat hackers perform penetration testing, test in-place security systems and perform vulnerability assessments for companies. There are even courses, training, conferences and certifications for ethical hacking.
Grey hat hackers are a blend of both black hat and white hat activities. Often, grey hat hackers will look for vulnerabilities in a system without the owner’s permission or knowledge. If issues are found, they will report them to the owner, sometimes requesting a small fee to fix the issue. If the owner does not respond or comply, then sometimes the hackers will post the newly found exploit online for the world to see.
Grey Hats, are now increasingly engaged in Black Hat activity working as both as cyber criminals and security professionals. They are the most common in the UK, with one in 13 admitting to grey hat activity compared with one in 22 globally, a study by Osterman Research shows. The survey revealed that 40% of those polled in the UK are acquainted with someone who has participated in black hat activity, 32% admitted to being approached about participating in black hat activity and 20.6% have considered participating in black hat activity.
The main reasons security professionals go into black hat activity include the opportunity to earn more money than security professionals (53.7%), the challenge that it offers (53.1%), retaliation against an employer (39.3%), and philosophical reasons or some sort of cause (31.4%). Another factor is that black hat activity is not perceived as being wrong by all security professionals, with 29.7% of those polled in the UK expressing this view.
According to the research the greater likelihood for UK professionals to engage in cyber crime is being attributed to low salaries, stating that some 32% had been approached to participate in black hat activities. The highest starting salary for an entry-level IT security professional in Australia came in the highest at nearly $95,000 per year, while the lowest salaries recorded in the report were in the UK and Germany, as low as $36,000 equivalent.
Nearly half of UK security professionals polled (46.3%) said it is easy to get into cyber crime without getting caught, according to the study report commissioned by security firm Malwarebytes, which also polled security professionals in the US, Germany, Australia and Singapore.
In the Osterman Research white paper entitled White Hat, Black Hat and the Emergence of the Gray Hat: The True Costs of Cybercrime, it is found that insider threats account for a quarter of the eight serious cybersecurity risks that significantly affect private and public sectors. To put it another way, an organization’s current and former employees, third-party vendors, contractors, business associates, office cleaning staff, and other entities who have physical or digital access to company resources, critical systems, and networks are collectively ranked in the same list as ransomware, spear phishing, and nation-state attacks.
The insider threat may involve fraud, the theft of confidential or commercially valuable information, the theft of intellectual property, or the sabotage of computer systems. Insider threats have the ability to expose an organization to a wide range of cybersecurity hazards, simply because they are considered trustworthy or close to the data or systems most at-risk.
The majority of insiders who have caused their employers a headache didn’t necessarily have technical backgrounds. In fact, they didn’t have the desire or the inclination to do something malicious against their company to begin with. In the 2016 Cost of Insider Threats, a benchmark study conducted by the Ponemon Institute, a significant percentage of insider incidents within companies in the United States was not caused by criminal insiders but by negligent staff members.
Another Research by Osterman Research “White Hat, Black Hat and the Emergence of the Gray Hat: The True Costs of Cybercrime” found almost one in 10 U.S. security professionals has admitted to having considered participating in Black Hat activity
The study polled 900 senior IT decision-makers and IT security professionals in Australia, Germany, the U.S., U.K., and Singapore about the impact of cybercrime on their bottom line, and also looked at all sides of IT security costs from budget and remediation, to hiring, recruiting and retention.
The study also found that Black/Gray Hats aren’t hard to find in today’s Security Operations Centers (SOCs). More than half of all U.S. security professionals surveyed (50.5 percent) know or have known someone that has participated in Black Hat activity. This was the highest rate of all countries surveyed. The global average was 41 percent.
“The current skills shortage combined with a steady stream of attacks against antiquated endpoint protection methods continues to drive up costs for today’s businesses, with a seemingly larger hit to security departments of mid-market enterprises,” said Marcin Kleczynski, Malwarebytes CEO.
“On top of this, we are seeing more instances of the malicious insider causing damage to company productivity, revenue, IP and reputation. We need to up-level the need for proper security financing to the executive and board level. This also means updating endpoint security solutions and hiring and rewarding the best and brightest security professionals who manage endpoint protection, detection and remediation solutions.”
According to the study, cybercrime incidents are escalating, security budgets are exploding and security remediation costs are skyrocketing:
- U.S.-based businesses experienced a higher number of very serious security events such as ransomware and intentional insider breaches compared to other countries surveyed—an average of 1.8 incidents in 2017.
- Based on security budget per employee responses, the average 2,500 employee company in the U.S. will spend more than $1.8 million dollars on security costs. That number is expected to increase to more than $2 million in 2018—nearly twice the average cost of all global responses (more than $1 million in 2018).
- Remediating major security incidents is extremely expensive: the average global expenditure for remediating just a single event is approximately $290K for a 2,500-employee organization. In the U.S., the average cost escalates to $429K.
- Phishing was the most common cause of major incidents globally (44 percent) with ransomware (26 percent) and spear phishing (20 percent) also in the top five. While the delivery tactics are familiar, the malware has grown increasingly complex and sophisticated.
In addition, midsize companies (500-999 employees) are getting squeezed with massive increases in security incidents and exploding security budgets, but have fewer employees and smaller budgets:
- To protect against a high volume of malicious attacks, mid-sized companies’ security budgets increased by 36 percent.
- Mid-market businesses had the highest percentage of security budget increases from 2017 to 2018 (36.32 percent increase for midsize companies; 20.46 percent increase for large companies; 8.5 percent increase in budget for small companies) to counter the significantly higher levels of adware, accidental insider data breaches and intentional insider data breaches and even nation state attacks.
- Mid-sized companies spent 19 percent of their security budget remediating compromises. Fewer staff on-hand in mid-sized companies’ Security Operations Centers (SOCs) to handle the volume of attacks resulted in the highest percentage of security budget spent on remediating attacks (18.62 percent of budget spent on remediating compromises) compared with both large (11.3 percent) and smaller (13.97 percent) companies.
- 49 percent of global mid-market professionals were most likely to suggest that it’s easy to get into cybercrime without getting caught.
References and Resources also include:
https://www.computerweekly.com/news/252446507/Cyber-security-double-agents-most-common-in-the-UK