>He said the average age of anyone arrested for a crime in the U.S. is 37, while the average age of someone arrested for cybercrime is 19.
Indeed. So why is it that these billion-valued-companies can so easily be hacked by teenagers? Who would win: a trillion dollar industry of cyber security, or a bunch of bored outcast teenagers?
No - I think it has much more to do with the fact that anyone smart enough to be doing this is going to be gainfully employed by the time they're an adult - but as an adolescent, you are bored, talented, and unrecognized - not a good combination.
This is exactly my story and I doubt it is very unique.
Because properly securing your systems is hard, especially if the attack surface is large. The attacker only needs to find a single weakness.
Furthermore, you don't hear from all the teenagers trying to find vulnerabilities across the web, just when there's headlines.
Yes it's hard and also not done well. Most companies don't fund security as much as they should. At best they'll hire an occasional consultant for the purposes of compliance with a supplier agreement or industry regulation they have to meet.
As a former bored teen, who went after similar sized companies (and was eventually caught), I’d say you’ve already got your answer - boredom, being a tad neurotypical helps too.
Most of the things I pulled could have been prevented if everything was checked against the OWASP top 10.
Then the other multiplier is how old the company is, at a certain stage there’s a digital footprint that isn’t properly documented internally.
Indeed. So why is it that these billion-valued-companies can so easily be hacked by teenagers? Who would win: a trillion dollar industry of cyber security, or a bunch of bored outcast teenagers?