Young hackers: redirecting talents from cyber-bad to cyber-good
The cybersecurity industry is experiencing the emergence of 'young hackers'. From the 17-year-old behind the Twitter hacks to the infamous Lapsus$ ransomware group that denounced at least seven adolescents, young people are increasingly finding themselves caught up in malicious activity. Whether this is petty hacking attempts or high-profile attacks, teenage-perpetrated cybercrime is a rising issue that needs to be addressed.
With cybergangs offering lucrative opportunities and side hustles at the click of a button, teenagers with digital expertise are being drawn to the dark side of the web by bad actors. Why would young people navigate an ambiguous path to 'cyber-good', when the path of least resistance could be joining lucrative organisations doing 'cyber-bad'?
Without intervention, it is predicted that the number of young people being recruited into cybercrime is set to increase as bad actors will continue to pluck talent early on. The onus is, therefore, on the cybersecurity industry and the education system to take immediate action and work together to direct young people away from the path to cyber-bad and toward more positive outcomes.
The path to cyber-bad
When considering why they became involved in cybercrime, it is important to note that this is a cultural issue as much as it is a cybersecurity one. Some motivating factors could be attributed to the excitement of hacking, getting away with a crime, or the prospect of lofty payment opportunities. Moreover, the promise of prestige and even infamy among their peers should they succeed makes cybercrime even more irresistible.
Known as the tech-savvy generation, young people may stumble into cybercrime without fully understanding the ramifications or even realising they are committing criminal activity. Their advanced IT and hacking skills may be unknowingly leveraged to commit cybercrime, especially as the lines between ethical and unethical hacking become more obscure in the online world. For instance, while cyber gangs have long been recruiting from dark web hacker forums and job boards, they are now also plucking talent from mainstream social media.
This not only provides them with access to young people but can make them appear more legitimate. Indeed, malicious organisations have now developed more sophisticated recruitment processes, as we have discovered from last year's Conti leaks, the ransomware group was found to resemble an ordinary firm, which even had its own HR operations. With the offer of lucrative ransom pay-outs, it is easy to see how tempting the prospect of carrying out cyber crime can be to young people, who may be naïve to future repercussions.
Breaking the stereotypes
To prevent young talent from being lured to the dark side, as opposed to being recruited to security companies that work to protect society online, there is a stronger need for the industry to challenge the stereotypes of security work. When people think of a cybersecurity professional, the first image that may come to mind is likely one of a nefarious individual working among the shadows. However, this stereotype is far from the truth of cybersecurity work – and can even be harmful.
Firms must shed light on what lawful cybersecurity work entails and the types of people that take on these roles. It is not necessarily just those with a computer science degree who are apt for a role in the sector. In fact, over half (56%) of cybersecurity professionals believe that degrees aren't needed for a successful career in the industry.
Additionally, research shows that improved support and awareness of cybersecurity careers during education is necessary to attract talent to the sector - and this is especially crucial from a young age. By collaborating with education providers and changing perceptions about the image of cybersecurity and what it requires in terms of qualifications, organisations can position the industry as a viable career option for the younger generation. This early education will be vital to steering people towards the path to cyber-good.
Redirecting cyber talents
Beyond education, there are also several public resources available to help redirect teenagers with an interest in cyber to refine their skills and apply them for good. One example is the UK's National Cyber Security Centre's (NCSC) Cyber First training courses offered to the younger generation to become cybersecurity specialists.
Teenagers can also divert their competitive spirits towards participating in white hat hacking competitions, like CyberCenturion hosted by Cyber Security Challenge UK. While these initiatives are certainly promising, the onus lies with organisations to step up when it comes to redirecting talent to the sector.
By enhancing their internship and apprenticeship offering and looking for transferable skills from young people – regardless of their educational background – organisations can motivate these digitally savvy individuals to pursue a career in the industry. Offering a promising career prospect with suitable training schemes and long-term growth potential means organisations can begin to tackle the issue.
Further, the industry needs to look within to find new ways to widen its talent net. Organisations can contribute to doing more good by investing in young people who are seeking soulful work—versus soulless work—and may consider using their cyber talents to protect rather than exploit people and organisations for profit.
Bringing light to cyber-good
The cybersecurity industry plays a central role in redirecting young people's cyber talents to more positive outcomes. More needs to be done to position cybersecurity as an up-and-coming career path that not only provides intellectual excitement and rewards curiosity but is a moral, ethical route to take – and serves something larger than oneself.
By working with the education system, our industry can transform stereotypes and ensure that bright, young talent is redirected to carrying out cybersecurity work that is purposeful, motivating, and rewarding.