The latest ISC2 Cybersecurity Workforce Study found a shortfall of 111,000 professionals in the Middle East and Africa region. While that number pales in comparison to other parts of the world like the US, where the gap is at 522,000, it is a significant deficit that has inspired one controversial solution.
Chidiebere Ihediwa, an African cybersecurity specialist, recently told Nigeria’s Economic and Financial Crimes Commission that online scammers and fraudsters should be retrained as information technology specialists. Ihediwa said redirecting the knowledge and capabilities of these people would be advantageous to the nation. The Nigerian Economic and Financial Crimes Commission had not responded to Dark Reading as of this posting.
But is retraining and hiring hackers and cybercriminals with a shady past a sensible solution?
Going Legit
The conversation on whether or not to hire those who have done bad things in their past is not new. A similar debate five years ago had differing opinions, but one argument was that hackers with experience of conducting cyberattacks should be the best people to plan and test cyber defenses because they had the actual experience in breaking them.
How likely is it that someone with a criminal past would be hired as a legitimate IT security professional? UK-based recruitment specialist Owanate Bestman says that when it comes to the recruitment process, there is a certain sympathy from some hiring managers to give those who have done wrong a second chance. But sometimes a company policy may prevent such goodwill.
“I had one of my candidates speak to HR and they flat out said ‘no,’ and the reasons can be quite industry-specific, but one of the reasons to say ‘no’ is because there is an element of fraud involved, and that eliminates you from so many positions because there is a capability of dealing with personal data,” Bestman says.
Opportunity Cost
There’s also the consideration of how much a business would need to oversee the reformed cybercriminal’s work. Confidence Staveley is the founder and executive director of CyberSafe Foundation, a non-governmental organization dedicated to improving inclusive and safe digital access in Africa. She says the call to retrain cybercriminals and fraudsters “is a fantastic thing to do.” However, she says, such a move would require a multi-layered monitoring process, and would depend on whether the former convicts would want to work full-time.
Staveley said most full-time IT security employees earn around 300,000-500,000 Naira a month, which works out to around US $400, while a cybercriminal could be earning $10,000-100,000 a month. This needs to be considered in the retraining process, as well as offering them an attractive salary.
Taking someone with a criminal past and paying them more than the average wage to keep them away from the dark side is doable, she says. Consider the billions of dollars that are lost to business email compromise (BEC) attacks alone, she says: if $100 million could be dedicated to the retraining project to pay salaries, housing, and other perks, “you’ll find these [cybercrime cost] numbers would drop by at least 30%.”
Clearly this depends on the willingness of former cybercriminals to be repentant for their previous actions, she notes. They also could help mentor young people on how to make the right choices online, which, along with legitimate work, would be very welcome in Nigerian society. While she acknowledges that these steps will not stop the problem of cybercrime altogether, “a mix of interventions could help,” she adds.
Bestman concurs that ex-fraudsters could use their experience to teach others in an organization how cybercriminals operate to better inform their defenses. “These people with a chequered past, they are not just good from a technical position, but from the psychology, behavioral, and cultural components of security within an organization, understanding how the user works and how the attacker can penetrate the mind of the user,” he says.