Hackers Have the Advantage Over IT Security Pros Thanks to Misaligned Incentives

A new report was recently released by Intel’s McAfee Security and the Center for Strategic and International Studies (CSIS), titled Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity. The authors of the survey talked to 800 cybersecurity professionals and used their answers to come to the conclusion that cybercriminals are afforded a huge advantage due to a misalignment of incentives. Here are some examples of what this means:

  • There is a disconnect between creating a strategy and implementing cybersecurity programs
  • The bureaucracy of the business is unable to keep up with free-wheeling criminal enterprises because it takes them too long to come to a decision
  • The senior executives and the people in charge of cybersecurity are being incentivised differently.

The report details each incentive that is giving cybercriminals the edge, as well as looking closer at cybercriminals and the ways in which they have jumped right over corporate cybersecurity.

There is a Booming Black-Hat Hacker Workforce

One thing noted by the authors of the report is that, even though above-board businesses are having trouble finding high-quality cybersecurity professionals, there is no such problem for cybercriminals. The authors of the paper suggest that black hat hackers are creating incentives based on market forces, rather than organizational flatness.

Cybercriminals also have an advantage in terms of products. Innovation and adaptation are fostered by the market economy of the criminal hacker ecosystem. It is different from the defensive market, where priorities can be affected by corporate hierarchy. The result is a slow-moving bureaucratic process, much different from the decentralized, competitive, commoditized hacker market.

Black Hat Hackers Have Superior Products

Given that the digital underground market has so many qualified people creating/stealing high-quality black-hat products, it’s only natural to assume the underground market is flourishing, which is just what it’s doing. What might be a little unexpected is the sheer quality of the products. The report suggests the reason for the quality could be the decentralized, open nature of the market. This means that operators must steal, create, and sell only the latest and highest quality products in order to survive.

The authors of the study say that the top of the black market contains almost nothing but elite tech specialists with highly coveted zero-day exploits working as intermediaries and brokers passing high-dollar-value exploits between the buyers, the sellers, and even the government.

Even so, there’s still a lot happening on the lower tiers of the black market. There’s plenty of demand out there for counterfeit goods, stolen financial information, spamming services, and other “exploits-as-a-service” businesses.

Why are Cybercriminals Finding Specialists?

Much like above-board security experts, cybercriminals understand the importance of employing specialists. It’s difficult for a cybercriminal to be a true Jack-of-All-Trades given the complex nature of the modern corporate infrastructure, better security systems, and the increased awareness of their potential victims. According to the report, the following are the most in-demand specialists:

  • Programmers needed to create malware
  • Web designers needed for the creation of malicious sites
  • Tech experts needed to maintain the servers, databases, etc. of the criminal infrastructure
  • Hackers needed to exploit vulnerabilities in systems and breach computer networks
  • Fraudsters needed to develop social engineering schemes such as spam and phishing
  • Intermediaries to collect all the stolen data, advertise it to their fellow cybercriminals, and sell it on or exchange it for some other illegal action

Much like on an above-board cybersecurity team, the more people a job needs, the smaller the cut the mastermind gets. The authors of the paper note that the profits of a criminal business are divided between the specialists. One law-enforcement expert estimated that up to 90% of the money made through cybercrime goes to the technical specialists and the money mules, rather than the mastermind who put the scheme together in the first place.

Vulnerabilities Are Always Needed

The main reason that black-hat hacker markets are always so adaptable is that adaptability is what is needed to find, exploit, and leverage vulnerabilities before they get patched. One study shows that 42% of disclosed vulnerabilities will be exploited within 30 days of being disclosed. As soon as something is disclosed publicly, cybercriminals are already using it in their attacks and exploiting it.

This doesn’t mean that older publicly disclosed vulnerabilities are no longer being leveraged. Never forget about the opportunistic nature of criminals. They will continue to focus on the lowest-hanging fruit. Rather than investing in vulnerability research and developing vulnerabilities – which can be costly – they will just make the most out of a publicly disclosed vulnerability to exploit an unpatched system.

So, What Can the Good Guys Do?

The authors of the report have some suggestions for organisations. They suggest that the good guys do the following to keep up with cybercriminals:

  • Using Security-as-a-Service to counter the operations of Cybercrime-as-a-Service. These services have the same flexibility as the cybercriminals.
  • Using specialised consultants to augment the corporate in-house team by providing them with more expertise and focusing their resources
  • Offering performance incentives and recognising the efforts of the cybersecurity team, which encourages them to create stronger defences and patch exploits faster
  • Continuing to experiment to determine the ideal mixture of metrics and incentives for the organisation, as each one is different

The Future Looks Bright for Cybersecurity

While all of this sounds like bad news, the authors of the report do suggest there is some good news. They say that more companies are beginning to recognize how serious the problem of cybersecurity is, and they are taking the necessary steps to address it. As the IAM solutions company, One Identity, has stated, “Static security, based on a collection of unlinked security factors, is no longer sufficient for controlling access.” The authors still warned that security tools and solutions have a hard time keeping up with the cybercriminal market. While this can be inevitable, it can also be minimized by organizational innovation.
