“In law enforcement we call them young offenders, but in the cyber world they are ‘talented young individuals,’ because we recognize they have a core set of skills that could migrate to cybersecurity,” said Chris White, Director of Cyber & Innovation. at the Southeast Cyber Resiliency Center (SECRC).
The youngest of these talented individuals to have crossed White’s path was just eight years old. That’s rare, but it’s not unusual to find 13-year-olds who have trained on YouTube to hack into a retailer and order some free gifts.
The average age of a cybercriminal is 17 1/2 years, White told the audience at Computingthe Cybersecurity Festival last week; for other types of crimes it is 27.
In police work for 20 years, White’s focus has shifted from robbing these “talented young individuals” to redirecting their misguided energies.
SECRC is a police-led partnership with academia and business aimed at improving the cyber resilience of businesses in the South East of England. It is part of a Home Office initiative to create non-profit centers established to help small businesses, charities and other underserved entities fight back by providing training and advice.
However, young offenders are not the SECRC’s main source of talent; They would be students fresh out of college or training courses just starting a cyber career and not drawing substantial salaries from their more experienced peers. Often it’s about training companies on the basics, White said.
I’ve had countless business owners on the phone crying out loud
“I am a bakery with internet-connected smartphones, a store, a website for selling cakes. How do I properly configure these computers?”
Too often, he continued, small businesses like this have launched websites to get the most out of advertising on Facebook, Google, and Instagram, with no thought to protecting the systems.
“They’ve never really stepped back to say, how do I set this up correctly?”
Most of the criminals White encounters take advantage of basic flaws, such as weak passwords and admin permissions granted to everyone by default.
“You talk to Joe, your average small business owner, and they don’t really get the basics right,” White said.
Many people, including young offenders, view low-level cyber as a victimless crime, he continued, but that is not the case. In fact, it can ruin lives and livelihoods.
“I’ve had countless business owners call me on the phone crying and saying ‘I can’t deal with this, I don’t know how to keep them out.’ This is a family business and I have to tell friends and family that they can’t come to work tomorrow because I don’t have a business anymore.’ So it’s very upsetting when it happens.”
Cybercrime is the fastest growing type of criminal activity, he added, so it’s important that all organizations understand the basics and ask for help if they need it.