“In policing we call them young offenders, but in the cyber world they are ‘young and talented individuals’ because we recognize that they have a core skill set that could migrate to cyber security,” said Chris White, head of cyber security. at the Southeast Cyber Resiliency Center (SECRC).
The youngest of these talented people to cross White’s path was only eight years old. It’s rare, but it’s not uncommon to find 13-year-olds who have trained themselves on YouTube to hack a retailer and order themselves some free goodies.
The average age of a cybercriminal is 17 and a half, White told the audience at Computer equipmentCyber Security Festival last week; for other types of crimes it is 27.
In policing for 20 years, White’s focus has shifted from nagging these “young talented individuals” to channeling their frenzied energy.
The SECRC is a police-led partnership with academia and business that aims to improve the cyber resilience of businesses in the South East of England. It is part of a Home Office initiative to set up not-for-profit centers to help small businesses, charities and other under-resourced organizations advocate for themselves by providing training and advice.
However, young offenders are not SECRC’s main source of talent; these would be students fresh out of university or training courses who are just starting out in cyber careers and are not earning the significant salaries of their more experienced peers. Often, this involves training the company in the basics, White said.
I have had countless business owners call me crying their eyes out
“I am a bakery with smartphones connected to the Internet, a shop, a website for selling cakes. How do I set up these computers correctly?”
Often times, he continued, small businesses like this one have built websites to make the most of Facebook, Google and Instagram ads without thinking about the security of the systems.
“They never took a step back to tell me how to set it up right?”
Most of the offenders White faces are basic weaknesses such as weak passwords and admin permissions granted to everyone by default.
“You talk to Joe’s average small business owner and they’re not getting the basics right,” White said.
Many people, including young offenders, think of low-level cybercrime as victimless, he continued, but that’s not the case. It can actually ruin lives and livelihoods.
“I’ve had countless calls from business owners crying their eyes out saying, ‘I can’t deal with this, I don’t know how to stop them.’ This is a family business and I have to tell friends and family that they can’t come tomorrow to work because I have no more business.” So it’s very disruptive when it happens.”
He added that cybercrime is the fastest growing type of criminal activity, so it is important that all organizations understand the basics and ask for help when needed.