Employing a Cybercriminal for Security. 

Is the idea of hiring a cybercriminal a smart one? This bifurcate question was what brought executives in the Wisdom of Crowds event – the flagship event for Cyber Management Alliances – in London pondered. 

This live event brought Amar Singh, the CEO & Co-founder of Cyber Management Alliances, to ask a thought provoking question: Would hiring a cybercriminal for your security team be a smart decision? 

This question has no easy answer or choice, but let’s delve into the thoughts and opinions of executives of the Wisdom of Crowds.

Cons

Many participating executives are against the idea of ever hiring a criminal.  A list of the drawbacks and concerns they expressed of hiring a criminal include:

Reputational Harm

While there may be numerous potential advantages of hiring a criminal, you could easily be backstabbed or extorted at any given point. The negative publicity of employing a cybercriminal can be extremely damaging to a business. If a business were to hire a criminal, it could be seen as condoning the hacker’s past for the benefit of the business. It can also lead to the wrong message for criminals, and just outright be a PR disaster. 

Ethics and Integrity

This was also a concern that arose in these talks. Is it truly appropriate for a security business to give corroboration to cybercriminals when global businesses are meeting together to solve this conflict?

Justification and Insurance Risk 

Trying to internally justify hiring a criminal would first need to make it past both the board and management and furthermore, the Human Resources team would also need to accept this. Wouldn’t it seem as though HR, then, had a misguided view? Plus, a risk to insurance may arise if a criminal has access to a company’s IT framework.

Pros

While most may find that hiring a criminal’s drawbacks outweigh the positives, some of the attendees at the Wisdom of Crowds did not think it was such a bad decision. They discovered some of the positives to it as well, including just a few like:

Real Experience and Insights 

Not only would a cybercriminal have prior experience in the industry, but they could also supply you with valuable insights. These criminals could find vulnerabilities in your infrastructure where only a criminal may think to check, leading you to make important patches to loopholes and improve your overall security.

A Shortage of Security Talent

There is currently an enormous shortage of highly-educated expertise in the cybersecurity industry, so these cybercriminals could be a great asset when there are no other choices – like Kevin Mitnick. 

Once wanted by the FBI, he is now an adviser for Fortune 500 organizations. Mitnick also was employed by the world’s leading cybersecurity awareness and simulated phishing platforms. Currently, Kevin is a respected and sought after expert in cybersecurity in the world.

Conclusion

There may not be a solid answer to this thought-provoking question just yet, but one thing is for sure; the answers and opinions it brought forth are very interesting. On the whole, the Wisdom of Crowds held a solid reflection of that inquisitive spirit where everybody can express their opinions, provide insights to each other, and produce some collective perception for the cybersecurity community. Though, with this said, you might want to brush up on some more cybersecurity tips. Look no further than our experts at Arruda Group for great community insights on this and more.