One Third Of Cyber Criminals Are Women

Uploaded on 2023-03-08 in NEWS-News Analysis, FREE TO VIEW

Female engagement in cyber crime is a lot higher than other parts of crime, according to a new report, which raises some interesting questions about possible gender bias in investigations. 

In a research paper Trend Micro show that while female cyber criminals are in the minority, they most certainly do exist in large numbers and they say an investigator should be open to this possibility from the start.

It revealed that 30% of those XSS forum users were women, rising to 36% of Hackforums users. XSS and Hack Forums are popular entrances into the world of criminal hacking, with tutorials and millions of posts teaching the relevant skills.  

“Our control group consisted of 10 aliases that posted their gender profiles online and identified themselves as women from XSS and Hackforums,” the report noted. “When we ran posts from these users through the text analyzer, results indicated that all the aliases were classified as female with an average classifier percentage of 82.4%.”

Trend Micro's researchers also used an  AI tool to discover the gender of cyber crime forum users. Semrush is an SaaS  search engine marketing solution that uses machine learning algorithms to analyse data from social networks and other third-party sources, in order to determine the demographic information of web users, such as gender. Its analysis claimed an even higher percentage of dark web forum users were women: 41% of XSS users and 40% of Hackforums users.

By contrast, 4–8% of the prison population in the UK, Russia and US is female, according to data cited in the report. If accurate, the findings would also indicate that a higher percentage of women participate in cyber crime than currently work in the cyber security industry. The latest estimates from ISC2 say the number is about 24%, although it increases to 30% in the under-30s.

Trend Micro suggest that the cyber crime economy appears generally welcoming of all individuals so long as they have the right skills and experience. This is in contrast to the 'legitimate' industry where sexism is prevalent

That should be a reminder to investigators never to assume a malicious actor’s gender, it concluded. “It is our recommendation for all investigators to avoid assumptions of male personas while carrying out their work - such as referring to a suspect as ‘he’ or ‘his’ - as this creates an inherent bias as they progress their case,” says the Report.

Various academic research has found that there are complex reasons behind the very low percentage of women working in the cyber security industry. Yet women could be the key to overcoming the shortage of skilled workers required to combat the growing threat of online crime.

Trend Micro:   Jo. Advances in Humabities:    Infosecurity Magazine:      ICS2:    Cyber Peace Inst.:   

Cybesecurity Ventures:     Krebs on Security:    Heimdal Security:   

You Might Also Read:

More Women Needed In Cyber Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Two Cities In Californian  Attacked
Which CI/CD Tools Can Promote Supply Chain Security? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

National Agency for the Security of Information Systems (ANSSI) - France

National Agency for the Security of Information Systems (ANSSI) - France

The role of Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) is to foster a coordinated, ambitious, pro-active response to cybersecurity issues in France.

ShmooCon

ShmooCon

ShmooCon is an annual east coast hacker convention offering three days of demonstrations and discussions of critical infosec issues.

CynergisTek

CynergisTek

CynergisTek is a top-ranked cybersecurity and information management consulting firm dedicated to serving the healthcare industry.

IAC

IAC

IAC is a specialist Irecruitment consultancy covering Internal Audit, Risk, Controls, Governance, IT Audit, and Cyber Security roles.

Cyversity

Cyversity

Cyversity's mission (formerly ICMCP) is the consistent representation of women and underrepresented minorities in the cybersecurity industry.

National Cybersecurity Hub South Africa

National Cybersecurity Hub South Africa

The mission of the National Cybersecurity Hub is to be the central point of collaboration for cybersecurity incidents in South Africa.

Sistem Integra (SISB)

Sistem Integra (SISB)

SISB provide IT Security Infrastructure & Development, Mechanical & Electrical Services, Fire Safety & Detection Services, Facilities Management & Application Development.

SmartCyber

SmartCyber

SmartCyber is a company specializing in custom IT projects and Cybersecurity.

th4ts3cur1ty.company

th4ts3cur1ty.company

th4ts3cur1ty.company specialize in delivering intelligence lead adversary emulation purple teaming & the bespoke building of Security Operation Centers.

PeckShield

PeckShield

PeckShield is a blockchain security company which aims to elevate the security, privacy, and usability of entire blockchain ecosystem by offering top-notch, industry-leading services and products.

Trust Stamp

Trust Stamp

Trust Stamp provide Identity and Trust as a Service to answer two fundamental questions: “Who are you?” and “Do I trust you?"

Certihash

Certihash

Certihash have developed the world’s first blockchain empowered suite of information security tools based on the NIST cybersecurity framework.

Stacklet

Stacklet

Stacklet provides cloud governance as code platform that accelerates how Global 2000 manages its security, asset visibility, operations, and cost optimization policies in the cloud.

Klaatu IT Security (KITS)

Klaatu IT Security (KITS)

Klaatu IT Security is a boutique provider of cyber security services, empowering our clients to prioritise and reduce their cyber risk.

Evolver

Evolver

Evolver delivers technology services and solutions that improve security, promote innovation, and maximize operational efficiency in support of government and commercial customers.

Resillion

Resillion

Resillion (formerly Eurofins Digital Testing) is a global leader in quality engineering and cyber security services with operations in Europe, US, UK, India and China.