Beware of the gray hat hacker, survey warns
This article is part of the Information Security issue of October 2018, Vol. 20, No. 5
A recent study on the cost of cybercrime to organizations delved into growing concerns about the gray hat hacker -- a security professional who participates in black hat activities. Researchers found that 12% of the security professionals surveyed have considered black hat activities, and 22% have been approached about taking part in them. In some cases, legitimate security professionals have shifted completely to the "dark side" and become black hat hackers.
Osterman Research Inc. surveyed 900 security professionals in five countries -- the United States, the United Kingdom, Germany, Australia and Singapore -- during May and June of this year. The security professionals surveyed worked for organizations in a range of industries, including financial services/insurance, 10%; manufacturing, 10%; retail, 9%; technology, 9%; and healthcare, 9%.
The perceived percentage of gray hat hackers increased with the size of the organization, from 2.8% of IT security professionals at small businesses to 4.2% for midsize companies and 5.7% at ...
Features in this issue
The power and cost savings associated with software as a service are tempting companies to consider applications for security analytics both on premises and in the public cloud.
Close to 40% of security professionals either know, or have known, a legitimate security practitioner who has participated at some point in black hat activities.
Security professionals understand all too well what's at stake, and that's why more companies look to tighten up security with third parties.
News in this issue
Healthcare security leaders are developing industry best practices for better third-party risk management using common assessment and certification standards.
Columns in this issue
A strategy focused on widespread training and education leads to progress against one of the state's biggest threats, says the Rhode Island CISO.
Russia and other nation-states use application control bypass techniques because they don't "trigger any alarms," the chief hacking officer says.