Cyber Security Experts vs. Cyber Criminals: Who Makes More?

A new ad has been circulating that targets young cyber criminals. It is a call to action for cyber criminals to become cyber security experts essentially before it is too late. The ad was created in a joint effort of Europol and European law enforcements. The ad (above) creates a chart saying that cyber security experts have higher health, dexterity, stamina, happiness, and most importantly cash. It lists the benefits of being a cyber security expert as skills in coding, gaming, computer programming, and anything IT-related that will provide them job opportunities. On the other side, it notes that cyber criminals face jail time, fines, seizure of computers, and criminal records as a result of their crimes. The ad clearly targets youth, particularly youth that play video games due to the imagery of status bars that you might see in a game. But how accurate is the ad? To determine this, let’s look at what each actually make.

According to the Bureau of Labor Statistics, an Information Security Analyst makes a median pay of $90,120 per year or $43.33 per hour. This translates to about $7,510 a month. This means that a newbie will most likely make less than this starting out, but seasoned professionals can make over $100,000 per year. The job often requires a bachelor’s degree in a computer-related field as well as certifications that may be job specific. These jobs are also in very high demand and will continue to grow 18% until 2024.

The duties of an Information Security Analyst includes monitoring the organizations networks for security breaches, installing and using software to protect information, prepare reports for security breaches, conduct penetration testing, develop security standards, and recommend security enhancements. Most of these jobs work full time with some having to be on call. Next, let’s look at what cyber criminals make and what they do.

It is difficult to put hard numbers on exactly what cyber criminals make. This is mainly due to their lack of steady income compared to a legitimate job. However we can look at how much money they have made on past attacks, as well as some reported amounts. Lately, ransomware has been taking the world of cyber security by storm. Business Insider reports that attackers are making $7500 per month through ransomware. It isn’t very hard to believe if you consider how fast ransomware can spread, as well as looking at previous organizations that have paid the ransom. One example would be the hospital in Hollywood, California that paid $17,000 to get their data back.

While these numbers sound impressive, it is important to consider how exactly cyber criminals organize to determine exactly how this money is split. Often it is a team of criminals that perpetrate these attacks and not a single individual. Andrei Barysevich from Recorded Future explains the hierarchy of a cyber crime syndicate. It starts with a mastermind that heads the whole cyber crime initiative followed by a project manager under him. Under the project manager are software engineers, hackers, and forgers, and then intermediaries. Essentially, this means that any big score from a cyber-attack is divided among this team with the most going to the mastermind and project managers, and the rest going to the hackers, software engineers, forgers, and intermediaries. Barysevich states that the majority of cyber criminals make about $1,000 to $3,000 dollars per month, while the masterminds can make amounts as large as $20,000 per month.

Since the ad is targeting youth, it is safe to assume they do not yet have the skills or connections to become masterminds of cyber crime organizations. This means that they ones this ad is targeting would fall into the $1,000 to $3,000 per month range or $12,000 to $36,000 per year. The amount of skill required to be a cyber criminal can vary. A typical cyber criminal will make their money by sending spam, stealing bank accounts, DDoS attacks, stealing and selling information, and holding information ransom. These skills will require a time investment for independent learning, or potentially from an education in computer-related fields.

In conclusion, the ad is accurate when it comes to money. A cyber security job will provide a much larger income for a youth compared to cyber crimes. A typical cyber security expert will make somewhere around $90,120 compared to $12,000 to $36,000 per year as a cyber criminal. Cyber security experts will have work benefits, while cyber criminals will have to deal with the risks of criminal activity.

References

Barysevich, A. (2016, November 17). Inside the Mind of Cyber Criminals. Retrieved December 14, 2016, from https://www.recordedfuture.com/cyber-criminal-profiling/

Bureau of Labor Statistics, U.S. Department of Labor, Occupational Outlook Handbook, 2016-17 Edition, Information Security Analysts,
on the Internet at https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm (visited December 13, 2016).

Szoldra, P. (2016, June 2). Hackers are making $7500 per month by holding people’s data hostage. Retrieved December 14, 2016, from http://www.businessinsider.com/flashpoint-report-ransomware-2016-6