The latest ISC2 Cybersecurity Workforce Study found a shortfall of 111,000 professionals in the Middle East and Africa region. While that number pales in comparison to other parts of the world like the US, where the gap is at 522,000, it is a significant deficit that has inspired one controversial solution.
Chidiebere Ihediwa, an African cybersecurity specialist, recently told Nigeria’s Economic and Financial Crimes Commission that online scammers and fraudsters should be retrained as information technology specialists. Ihediwa said redirecting the knowledge and capabilities of these people would be advantageous to the country. The Nigerian Economic and Financial Crimes Commission had not responded to Dark Reading as of this posting.
But is retraining and hiring hackers and cybercriminals with a shady past a sensible solution?
Going Legit
The conversation on whether or not to hire those who have done bad things in their past is not new. A similar debate five years ago had differing opinions, but one argument was that hackers with experience of conducting cyberattacks should be the best people to plan and test cyber defenses because they had the actual experience in breaking them.
How likely is it that someone with a criminal past would be hired as a legitimate IT security professional? UK-based recruitment specialist Owanate Bestman says that when it comes to the recruitment process, there is a certain sympathy from some hiring managers to give those who have done wrong a second chance. But often a company policy may prevent such goodwill.
“I had one of my candidates speak to HR and they flat out said ‘no,’ and the reasons can be quite industry-specific, but one of the reasons to say ‘no’ is because there is an element of fraud involved — and that eliminates you from so many positions because there’s a capability of dealing with personal data,” Bestman says.
Opportunity Cost
There’s also the consideration of how much a business would need to supervise the reformed cybercriminal’s work. Confidence Staveley is the founder and executive director of CyberSafe Foundation, a non-governmental organization dedicated to improving inclusive and safe digital access in Africa. She says the call to retrain cybercriminals and fraudsters “is a fantastic thing to do.” But, she says, such a move would require a multi-layered monitoring process, and would depend on whether the former convicts would want to work full-time.
Staveley said most full-time IT security employees earn around 300,000-500,000 naira a month, which works out around US $400, while a cybercriminal could be earning $10,000-100,000 a month. This has to be considered in the retraining process, as well as offering them an attractive salary.
Taking someone with a criminal past and paying them more than the average wage to keep them away from the dark side is doable, she says. Consider the billions of dollars that are lost to business email compromise (BEC) attacks alone, she says: if $100 million could be dedicated to the retraining project to pay salaries, housing, and other perks, “you’d find those [cybercrime cost] numbers would drop by at least 30%.”
Obviously this depends on the willingness of former cybercriminals to be repentant for their previous actions, she notes. They also could help mentor young people on how to make the right choices online, which, along with legitimate work, would be very welcome in Nigerian society. While she acknowledges that these steps will not stop the problem of cybercrime altogether, “a combination of interventions could help,” she adds.
Bestman concurs that ex-fraudsters could use their experience to teach others in an organization how cybercriminals operate to better inform their defenses. “These people with a chequered past, they are not just good from a technical position, but from the psychology, behavioral, and cultural elements of security within an organization, understanding how the user works and how the attacker can penetrate the mind of the user,” he says.