“Increase salaries or risk losing workers to cybercrime”

From developers and pen testers to PRs and voice actors, cybersecurity risks losing up to 10% of workforce to cybercrime.

  • Wednesday, 6th March 2024 Posted 8 months ago in by Phil Alsop

The Chartered Institute of Information Security (CIISec) is urging the cybersecurity industry to increase salaries and provide better working conditions to prevent up to 10% of the workforce from leaving the profession. This warning follows qualitative dark web analysis, revealing that professionals working in legitimate roles are offering their skills to cybercriminals in an effort to increase pay, replace dried up work, or buy Christmas presents. This sentiment was echoed in CIISec’s latest State of the Profession report, which highlighted that remuneration is the primary reason for people leaving roles in cybersecurity, and that 22% of security professionals work more than 48 hours per week, risking burnout.

“Gartner research shows that 25% of security leaders will leave the security industry by 2025 due to work-related stress – and that’s just leaders,” says Amanda Finch, CEO of CIISec. “Salaries and long hours are contributing to this, and we’re starting to see the impact. Our analysis shows that highly skilled individuals are turning to cybercrime. And given the number of people projected to leave the industry, many of those will be desperate enough to seek work in an area that promises large rewards for their already-existing skills and knowledge. Preventing this means ensuring we are doing all we can as an industry to attract and retain talent.”

The detailed research – conducted by Mark, a former police officer and covert operative, now working as a subject matter expert in the private sector – trawled dark web forums from June–December 2023 for job adverts. The professionals advertising for roles fell into three groups:

• Experienced, skilled security and IT workers: These professionals tended to be highly skilled and experienced, with some boasting more than a decade of experience in security or IT. There was evidence of individuals currently working for a “global software agency”, professional pen testers offering to test cybercrime products, AI prompt engineers, and web developers. Some offered a portfolio of work as evidence of their skills, whilst others stated that they needed a “second job” or even that “Xmas is coming and my kids need new toys”.

• People just entering the security workforce: These seemingly young or inexperienced professionals are looking for work and education. One asked for advice on “where do I start in hacking as a programmer?” and there were low-cost options for a “beginner designer” whose “creative journey has just begun”. Hacking groups also advertised, looking to hire students and offering training services – from OSINT to dark web and social media hacking – to wannabe hackers.

• Wider industry professionals looking to expand into cybercrime: A smaller number of individuals from industries outside of security or IT are still tempted by cybercrime. The research uncovered an out of work voice actor advertising for work on phishing campaigns, a “creative wizard” offering to “elevate your visual content”, a PR for a hacking group, and content writers.

“After years of working in the cybersecurity and law enforcement fields, it becomes relatively easy to spot cybercriminals from professionals moonlighting from other industries,” says Mark, subject matter expert in dark web investigations who led the investigation. “These adverts might allude to current legitimate professional roles, or be written in the same way as someone advertising their services on platforms like LinkedIn. In an industry that is already struggling to stop adversaries, it’s worrying to see that bright, capable people have been enticed to the criminal side.”

“There is a huge breadth of skills being advertised on the dark web, many of which are transferable,” says Finch. “A job in cybersecurity has so much to offer for people of all industries, whether you’re a creative, a developer, or even a voice actor. But as an industry, security can seem like a narrow field. We must do more to showcase that there’s room for all in security, or we’ll lose more and more talent to cybercrime.”

The promise of AI is on every biopharma’s radar, but the reality today is that much of the industry is grappling with how to convert the hype into...
IT teams urged to resolve ‘data delays’ as UK executives struggle to access and use relevant business data.

‘Playtime is over’ for GenAI

Posted 4 days ago by Phil Alsop
NTT DATA research shows organizations shifting from experiments to investments that drive performance.

GenAI not production-ready?

Posted 4 days ago by Phil Alsop
Architectural challenges are holding UK organisations back - with just 24% citing having sufficient governance to implement GenAI.

AI tops decision-makers' priorities

Posted 4 days ago by Phil Alsop
Skillsoft has released its 2024 IT Skills and Salary Report. Based on insights from more than 5,100 global IT decision-makers and professionals, the...

The state of cloud ransomware in 2024

Posted 4 days ago by Phil Alsop
Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security realm.
Talent and training partner, mthree, which supports major global tech, banking, and business clients to build job-ready teams, has revealed the...

AI innovation is powering the Net Zero transition

Posted 4 days ago by Phil Alsop
Whilst overall AI patent filings have slowed, green AI patent publications grew 35% in 2023.