Report Analyzes What Motivates the Switch to Cybercrime

October 1, 2018

A new report from Malwarebytes reveals that almost one in 10 U.S. security professionals has admitted to having considered participating in Black Hat activity. Surprisingly, this was the lowest rate among all countries surveyed. More than one in five (21 percent) of U.K. security professionals have considered the Black Hat route.

In addition, says the White Hat, Black Hat and the Emergence of the Gray Hat: The True Costs of Cybercrime study, Black/Gray Hats aren't hard to find in today's SOCs. More than half of all U.S. security professionals surveyed (50.5 percent) know or have known someone that has participated in Black Hat activity. This was the highest rate of all countries surveyed. The global average was 41 percent.

Top report findings include:

Cybercrime incidents are escalating, security budgets are exploding and security remediation costs are skyrocketing:

U.S.-based businesses experienced a higher number of very serious security events such as ransomware and intentional insider breaches compared to other countries surveyed—an average of 1.8 incidents in 2017.
Based on security budget per employee responses, the average 2,500 employee company in the U.S. will spend more than $1.8 million dollars on security costs. That number is expected to increase to more than $2 million in 2018—nearly twice the average cost of all global responses (more than $1 million in 2018).
Remediating major security incidents is extremely expensive: the average global expenditure for remediating just a single event is approximately $290K for a 2,500-employee organization. In the U.S., the average cost escalates to $429K.
Phishing was the most common cause of major incidents globally (44 percent) with ransomware (26 percent) and spear phishing (20 percent) also in the top five. While the delivery tactics are familiar, the malware has grown increasingly complex and sophisticated.

Midsize companies (500-999 employees) are getting squeezed with massive increases in security incidents and exploding security budgets, but have fewer employees and smaller budgets:

To protect against a high volume of malicious attacks, mid-sized companies' security budgets increased by 36 percent.
Mid-market businesses had the highest percentage of security budget increases from 2017 to 2018 (36.32 percent increase for midsize companies; 20.46 percent increase for large companies; 8.5 percent increase in budget for small companies) to counter the significantly higher levels of adware, accidental insider data breaches and intentional insider data breaches and even nation state attacks.
Mid-sized companies spent 19 percent of their security budget remediating compromises. Fewer staff on-hand in mid-sized companies' Security Operations Centers (SOCs) to handle the volume of attacks resulted in the highest percentage of security budget spent on remediating attacks (18.62 percent of budget spent on remediating compromises) compared with both large (11.3 percent) and smaller (13.97 percent) companies.
49 percent of global mid-market professionals were most likely to suggest that it's easy to get into cybercrime without getting caught.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

Report Analyzes What Motivates the Switch to Cybercrime

Related Articles

Related Products

Report Abusive Comment