**The Rise of the Young Cybercriminals: Why Hacking is Getting More Accessible**
The world of cybercrime has always been shrouded in mystery, with most high-profile attacks attributed to state-sponsored hackers from nations like Russia or North Korea. But recent cases suggest a disturbing trend: young people, often teenagers, are increasingly involved in sophisticated cyberattacks.
Take the Kido nursery hack and the April attacks on British retailers Marks & Spencer and The Co-operative, for instance. In each case, the suspected hackers were just 17, 19, or 20 years old. The same gang responsible for the M&S hack also targeted Jaguar Land Rover in August, crippling global production and affecting thousands of businesses that rely on sales to JLR.
But what's behind this surge in youth cybercrime? According to Fergus Hay, co-founder of The Hacking Games, a youth cyberskills initiative, young hackers are drawn to the "four Fs": fame, frustration, finances, and friends. High-profile attacks provide a sense of recognition, an outlet for growing dissatisfaction, and a potentially lucrative payout from organizations that cave to ransom demands.
Hay also suggests that online gaming communities play a significant role in shaping young people's attitudes towards hacking. In games, experimentation and breaking rules are often rewarded with XP points, promotions, and competitions. This "live laboratory" of testing and hacking can develop skills that are later applied to real-world cyberattacks.
But why do we see so many young people being drawn into the world of cybercrime? One reason is the growing accessibility of ransomware, peddled by an increasing number of Ransomware-as-a-Service (RaaS) suppliers. These groups provide the infrastructure needed to break through an organization's security measures, making it easier for wannabe hackers to get started – even if they're not highly skilled.
In return for use of their platform, the RaaS group takes a cut of the earnings generated from affected businesses. Most often, this comes from a ransom paid to recover the encryption key and prevent data from being published online.
The cybersecurity skills gap is nothing new, but it's clear that traditional recruitment methods are failing to attract young talent. The UK Government's recent study showed that almost half of all UK businesses struggle with a "basic skills gap." The top three perceived skills gaps within the cyber sector were in auditing and assurance, digital forensics, and cryptography and communications security – areas where young talent could thrive.
So what can be done to combat the rise of youth cybercrime? It's time for the industry to address the social factors driving young people towards criminality. The image of cybersecurity needs to shift, appealing to new talent and showcasing the rewards of legitimate career paths.
Organizations must rethink their hiring policies, looking beyond traditional candidates and embracing those outside of the higher education system and in neurodiverse communities. We need to engage with potential talent where they spend most of their time: online gaming environments or Discord servers.
The industry has a choice to make: show young people that there are legitimate spaces for their talent to shine, or risk losing them to the RaaS message boards. The clock is ticking – and it's down to us to change the narrative around cybersecurity careers before it's too late.