Cybercrime Doesn't Pay As Much As You'd Think

Published: 22/11/2024   Category: security




Legit cybersecurity professionals typically make more than the average cybercriminal, a new survey says.



Cybercrime may be where the money is, but the average cybercriminal doesn't make big bucks: He or she brings in about $30,000 per year, according to a new study by the Ponemon Institute. That's about one-fourth the average salary of a legitimate security professional, the study says.
The "Flipping The Economics of Attacks" report, published today and commissioned by Palo Alto Networks, surveyed more than 10,000 hackers across the white hat, grey hat, and black hat realms. The report is based on a sample of more than 300 respondents, who hailed mainly from the US, UK, and Germany and, according to Ponemon, are skilled hackers -- some of whom had converted to the white hat side. It's likely that some respondents were from other parts of the world, including Eastern Europe, however, Ponemon says.
Larry Ponemon, chairman and founder of the Ponemon Institute, says a criminal hacker's income was definitely much lower than he had expected. The perception by some is that they do this work, make a lot of money and then retire at an early age. But they have to work very hard for a small income, he says.
The top of the cybercrime hierarchy, typically organized crime syndicates, profit most from cyber attacks. That's maybe about one percent. The vast majority doing the day-to-day stealing aren't making the big money, says Scott Simkin, senior threat intelligence manager at Palo Alto Networks. The truth of the matter is they are not all going to make hundreds of thousands of dollars.
But Tom Kellermann, chief cybersecurity officer at Trend Micro, says some data in the study may be a bit skewed since it doesn't appear to include data from hackers in Russia, Brazil, and China, for example. They are the ones that leverage the most pernicious targeted attacks, he says. The report appears to be drawn more from opportunist attackers than organized cybercrime gangs going after the Fortune 1000, for example, he says.
Nearly 75% of the hackers in the survey say attackers look for weak, easy, and less costly targets to hit, and a skilled attacker after about one week will halt his hack against a target if he doesn't score a successful attack in that timeframe. An attacker takes about 147 hours to plan and pull off an attack against a well-secured enterprise, but only 70 hours to execute one with typical security.
It's getting easier for a large percent of attackers because of their improving skills, and free and widely available tools, Ponemon says.
Still, even if an attacker gives up on his target, he can try coming through a link in the target's supply chain, notes Trend Micro's Kellermann.
Think retailer Target, whose HVAC vendor was the weak link that doomed the big-box store in its epic data breach.
Spear phishing still represents the majority of attacks. The rest are leveraged through watering hole attacks, malvertising, and mobile, Kellermann says.
More than half of the hackers in the survey say sharing threat intelligence is one of the best ways to prevent or thwart an attack, and some 40% of attacks can be stopped with the sharing and deployment of threat intel. The full report is available for download.
