The most recent ISC2 Cybersecurity Workforce Study found a shortfall of 111,000 professionals in the Middle East and Africa region. While that number pales in comparison to other parts of the world, such as the US, where the gap is at 522,000, it is a significant deficit that has inspired one controversial solution.
Chidiebere Ihediwa, an African cybersecurity specialist, recently told Nigeria’s Economic and Financial Crimes Commission that online scammers and fraudsters should be retrained as information technology specialists. Ihediwa said redirecting the knowledge and skills of these people would be advantageous to the country. The Nigerian Economic and Financial Crimes Commission had not responded to Dark Reading as of this posting.
But is retraining and hiring hackers and cybercriminals with a shady past a realistic solution?
Going Legit
The conversation about whether to hire those who have done bad things in their past is not new. A similar debate five years ago produced differing opinions, but one argument was that hackers with experience of conducting cyberattacks should be the best people to plan and test cyber defenses because they had precisely the experience of breaking them.
How likely is it that someone with a criminal past could be hired as a legitimate IT security professional? UK-based recruitment specialist Owanate Bestman says that when it comes to the recruitment process, there is a certain sympathy from some hiring managers for giving those who have done wrong a second chance. But sometimes company policy may prevent such goodwill.
“I had one of my candidates speak to HR and they flat out said ‘no,’ and the reasons can be quite industry-specific, but one of the reasons to say ‘no’ is because there is an element of fraud involved — and that eliminates you from so many positions because there’s a capability of dealing with personal data,” Bestman says.
Opportunity Cost
There is also the consideration of how much a business would need to oversee the reformed cybercriminal’s work. Confidence Staveley is the founder and executive director of CyberSafe Foundation, a non-governmental organization dedicated to improving inclusive and safe digital access in Africa. She says the call to retrain cybercriminals and fraudsters “is a fantastic thing to do.” But, she says, such a move would require a multi-layered monitoring process, and would depend on whether the former convicts would want to work full-time.
Staveley said most full-time IT security employees earn around 300,000-500,000 Naira a month, which works out to around US $400, while a cybercriminal could be earning $10,000-100,000 a month. This should be considered in the retraining process, as well as offering them an attractive salary.
Taking someone with a criminal past and paying them more than the average salary to keep them away from the dark side is doable, she says. Consider the billions of dollars that are lost to business email compromise (BEC) attacks alone, she says: if $100 million could be dedicated to the retraining project to pay salaries, housing, and other perks, “you’ll find those (cybercrime cost) numbers would drop by at least 30%.”
Obviously this depends on the willingness of former cybercriminals to repent for their previous actions, she notes. They could also help mentor young people on how to make the right decisions online, which, along with legitimate work, would be very welcome in Nigerian society. While she acknowledges that these steps will not stop the problem of cybercrime altogether, “a combination of interventions could help,” she adds.
Bestman concurs that ex-fraudsters could use their experience to teach others in an organization how cybercriminals operate to better inform their defenses. “These people with a checkered past, they are not just good from a technical position, but from the psychology, behavioral, and cultural elements of security within an organization, understanding how the person works and how the attacker can penetrate the mind of the person,” he says.