Beware of the gray hat hacker, survey warns
This article is part of the Information Security issue of October 2018, Vol. 20, No. 5
A recent study on the cost of cybercrime to organizations delved into growing concerns about the gray hat hacker -- a security professional who participates in black hat activities. Researchers found that 12% of the security professionals surveyed have considered black hat activities, and 22% have been approached about taking part in them. In some cases, legitimate security professionals have shifted completely to the "dark side" and become black hat hackers.

Osterman Research Inc. surveyed 900 security professionals in five countries -- the United States, the United Kingdom, Germany, Australia and Singapore -- during May and June of this year. The security professionals surveyed worked for organizations in a range of industries, including financial services/insurance, 10%; manufacturing, 10%; retail, 9%; technology, 9%; and healthcare, 9%.

The perceived percentage of gray hat hackers increased with the size of the organization, from 2.8% of IT security professionals at small businesses to 4.2% for midsize companies and 5.7% at ...
Features in this issue
- Cloud-first? User and entity behavior analytics takes flight
  The power and cost savings associated with software as a service are tempting companies to consider applications for security analytics both on premises and in the public cloud.
- Beware of the gray hat hacker, survey warns
  Close to 40% of security professionals either know, or have known, a legitimate security practitioner who has participated at some point in black hat activities.
News in this issue
- Industries seek to improve third-party security risk controls
  Healthcare security leaders are developing industry best practices for better third-party risk management using common assessment and certification standards.
Columns in this issue
- Kurt Huhn discusses the role of CISO in the Ocean State
  A strategy focused on widespread training and education leads to progress against one of the state's biggest threats, says the Rhode Island CISO.
- White hat Dave Kennedy on purple teaming, penetration testing
  Russia and other nation-states use application control bypass techniques because they don't "trigger any alarms," the chief hacking officer says.