Press "Enter" to skip to content

Cyber criminals have their own justice system

1Password released some research linking the challenge of remote working to staff burnout, thus reducing attention to security guidance.  Quoting ZDNet, According to the survey, burned-out employees are more apathetic about workplace cybersecurity measures and are three times more likely to ignore suggested best practices.  and

Cybersecurity professionals are more burned out than other workers. The research suggests that 84% of security professionals feel burned out, compared with 80% of other workers. 

And when cybersecurity employees are burned out, they’re more than likely to describe themselves as “completely checked out” and “doing the bare minimum at work” – something that one in 10 cybersecurity professionals described as their state of mind compared with one in 20 of other employees.

In research from CrowdStrike, The majority of global businesses believe supply chain attacks can become a significant threat within the next three years, with 45% experiencing at least one such attack in the last 12 months.  Worldwide, 84% of enterprises expressed concerns that third-party attacks could become a significant cyber threat over the next three years.

And while I’ve covered law enforcement’s actions against cybercriminals, would you believe they have their own justice system – that includes the principles of a fair trial.    In a blog from Analyst1, a Dark Web Court is outlined.   Disputes between groups – one who purchases access to a compromised network and then discovers it was previously sold and thus asks for a refund – are managed via an arbitration system.  

Why do we care?

Every time I dig into the culture of the criminals, I walk away a bit more impressed.    It’s that begrudging respect for an opponent who knows their stuff and finds exciting ways to solve problems… for financial gain.

That’s the other side of the people relevancy today.  The criminals have systems… and the defenders have burnout.     It’s why culture matters here – addressing the issue is not just technology but also people and process.     It’s my takeaway here – operating under a constant state of stress isn’t sustainable, driven by a “protect all the things” mentality.