Living life as a cybercriminal cannot be easy but finding new recruits is even harder. You might assume that unusual offbeat methods will be used to find new talent – but it turns out that their methods are quite conventional.
According to new research by threat intelligence firm Digital Shadows, candidates have to fill out application forms, interview over Skype, and even go through a probationary period. One job advertisement warned that if a website was not hacked within three months, the candidate will be “unfollowed and considered inactive”.
Clearly, a lot of time and effort is spent in finding the cybercriminal with the right skills package. On the other side, organisations are also facing the challenge of recruiting cybersecurity professionals. Last year saw some major companies hacked and it is predicted there will be more high-profile cases this year.
There is little faith amongst staff members too in handling cybersecurity matters. In a survey it was revealed that “six in 10 respondents did not believe that their own staff could handle anything beyond a simple incident”.
So what can organisations learn (if anything) from the types of skills cybercriminals are looking for right now in potential recruits? According to Digital Shadows, some of them include things like “distributed denial of service (DDoS), social engineering, cross-site scripting (XSS) and SQL injection (SQLi).
“Attackers and defenders have more in common than some might think. Each group has a mission to accomplish and the success of that mission is predicated on the ability to hire and retain staff. At the end of the day, tracking the adversary that is recruiting and the skills they most desire can improve the overall maturity of an organization’s security program and make that new recruit’s job that much harder,” the research says.
So whether you are a cybercriminal or a regular Joe, finding and recruiting the right person for the job is a pain – and at least that’s something both sides can say.
PREVIOUS ARTICLE«International Women’s Day: Close, but not quite close enough
Jon Collins’ in-depth look at tech and society
Phil Muncaster reports on China and beyond