Cybersecurity professionals find it more attractive to take their talents to the dark web and make money working on the attacking side of cybercrime. This puts companies in a tough position. They must either cut into profit growth to keep cybersecurity skills from going to the highest bidder, or find ways to protect their networks from the companies that know their weaknesses best.
Job cuts and consolidation across the cyber sector are gradually increasing pressure on remaining workers. Salary growth is slowing — A new study from the Chartered Institute for Information Security (CIISec) says the cybercrime sideline is an increasingly attractive livelihood option for cyber professionals. Dark web advertising for cybercrime services Brought to you by experts in cybersecurity by trade.
CIISec's report found numerous offers on the dark web site, including a professional Python developer offering to create a chatbot for $30 an hour to earn extra money for Christmas gifts for children. According to a CIISec report, another experienced developer will create phishing pages, cryptocurrency ejection tools, etc., while another developer will use AI to assist with coding, for a fee of 300 yen per hour. Starting from USD.
Cyber experts look at cybercrime: An alarming new trend
According to Devin Ertel, CISO at Menlo Security, this alarming trend signals a whole new era in cybersecurity.
“It is shocking and troubling to see highly skilled professionals turning to cybercrime in the midst of mass layoffs,” Ertell said. “This marks a significant change that reflects the urgent need for both employment and continued training in the field.”
Ertel points to cyber talent glut and economic uncertainty as potential contributing factors to the “unfortunate trend.”
Gartner predicts that by 2025, 25% Cybersecurity leaders will leave their roles Because of stress.and despite Layoffs in Cybersecurityhas primarily focused on non-technical roles such as marketing, sales, and management, but still Hundreds of thousands of job openings Just in the US cybersecurity field.
Cybersecurity morale can cause insider threats
This puts even more pressure on the remaining teams and lowers morale across the industry, with cybersecurity expert and consultant Hal Pomerantz worried that it could also lead to a spike in insider threats. ing.
“Rather than worrying about external threats, we're going to be more concerned about insider attacks,” Pomerantz said. “Mass layoffs in the tech industry destroy employee morale and breed cynicism and contempt for management. Isn't there?”
Gareth Lindahl-Wise, CISO at Ontinue, said the solution for many companies requires a deeper understanding of the role they are trying to play and matching them with the right employees. I am.
Cyber needs to adapt to solve skills gap
“There is definitely a shortage of skilled and experienced cyber professionals,” Lindahl-Wise explains. “But I would just as frankly say there is some false expectation on the part of the buyer. Is it really necessary?”
Patrick Tickett, vice president of security and architecture at Keeper Security, advises that cybersecurity talent should be offered not only a career path but additional professional development opportunities once hired. .
“Business leaders are challenged to retain the cybersecurity talent needed to keep their organizations safe as they balance a distributed remote workforce, an ever-increasing number of endpoints, and an ever-expanding threat landscape. '' explains Tickett. “Beyond competitive compensation, organizations need to offer those seeking promotion a clear career path, professional development opportunities and, where possible, flexible work arrangements that allow for remote work.”
Beyond recruitment, hiring, and closing Cybersecurity skills gapColorTokens Vice President Sunil Muralidhar urges managers: focus on mental health Stress management among cybersecurity teams.
“Working with security professionals in a variety of roles, from practitioners to executives to partners, a common thread emerged: high stress levels among them,” Muralidhar said. “This is primarily because security is disproportionately burdened to protect organizations with very limited resources.”