The National Crime Agency (NCA) recently published a report that revealed the average age of a UK hacker is only 17 years old. The alarming investigation found that most youngsters fall into hacking after discovering a passion for the digital world, usually through the gateway of games consoles. By the tender age or 13 or 14, these digital delinquents have developed the capability to begin utilising their gaming devices and digital expertise for hacking. Among the most common types of crime were developing and selling hacking toolkits, blackmailing companies and breaking into online accounts.
This incredible ability coming at such a young age should come as no surprise to the general public. Digital technology has been on the rise for decades and we now have generations of youngsters who have grown up surrounded by technology and use it extensively in their day to day lives – meaning that they develop high literacy in technological skills at a very young age. This is particularly true of British teenagers, who spend more time online than most other teenagers around the world. Given that the same survey revealed they also rank quite highly in terms of dissatisfaction with life, it seems unsurprising that they are venting their frustrations within the world they understand the most: the online one.
Although these findings may at first seem irrelevant for businesses, they are extremely important in terms of understanding cybersecurity risks. The NCA investigation found that many of these teen hackers are mostly motivated by “building a reputation” as an excellent hacker and pursue their game on the basis of how challenging the target will be, rather than how much money they could gain for a potential hack. Much like the more traditional morality-lead hackers who outed adulterers by stealing and publicising user information from the website Ashley Madison, these young people are interested in what they can gain on a reputational and skills-based level instead of what they can actually gain from the data breaches themselves.
This means that the better an organisation’s level of cybersecurity is, or the higher the profile of their brand, the more appealing they become to young hackers who want to gain a “name” for themselves in the shadowy world of cybercrime and hacking. Although interestingly, given the lack of concern they have in the intrinsic value of what is being hacked, any system of any organisation can become a target, rather than just those on the frontline of protecting core assets. Furthermore, the rate at which these young hackers are exchanging intelligence and developing new tools vastly outweighs the rate at which most companies are updating and monitoring their cybersecurity tools. Thus, a two pronged risk is revealed: the risk of turning your organisation into a target by protecting it properly and that of being outnumbered by the sheer scale of hackers who collaborate to develop exploitations and share vulnerabilities.
However, it isn’t all doom and gloom. Whilst the NCA research is largely acting as a warning for companies to tighten their security measures and remember to update them frequently, it also comes as an opportunity to act. Today’s hackers could well be tomorrow’s cybersecurity employees and targeting youngsters with an organic interest in computer technology, as well as a known expertise in the world of hacking, could be the secret to finding and recruiting more cybersecurity experts. This way firms can start to actively combat threats to data protection by utilising insider knowledge and up-and-coming youngsters with an extensive depth of digital literacy and real-life experience, who could ironically be the ones to help make an organisations more secure.
This would not come without a risk. It would be hard to place faith in new recruits who have a known history of data breaches and hacking – as they largely view hacking as a casual act, or a bit of fun which is not to be taken seriously. However, with the right approach and training, organisations could be looking at the opportunity of a lifetime: utilising the future stars of the tech world to protect themselves from threats that they perhaps do not yet understand themselves.