'The youngest cyber offender I arrested was eight years old'
Chris White of the South East Cyber Resilience Centre on redirecting the talents of young offenders to help small businesses
"In the policing we call them young offenders, but in the cyber world they are 'young and talented individuals', because we recognise they have a core set of skills that could migrate into cyber security" said Chris White, Head of Cyber and Innovation at the South East Cyber Resilience Centre (SECRC).
The youngest of these talented individuals that has crossed White's path was just eight years old. That's rare, but it's not unusual to find 13-year-olds who have trained themselves on YouTube to hack a retailer and order themselves some free goodies.
The average age of a cyber criminal is 17-and-a-half, White told the audience at Computing's Cybersecurity Festival last week; for other types of crime it's 27.
In policing for 20 years, White's focus has changed from nicking these 'young talented individuals' to redirecting their wayward energies.
SECRC is a police-led partnership with academia and businesses aimed at improving cyber resilience of businesses in southeast England. It's part of an initiative by the Home Office to create not for profit centres set to help small businesses, charities and other under-resourced entities to defend themselves by providing training and advice.
Young offenders are not the SECRC's main source of talent, though; that would be students just coming out of university or training courses who are just starting on a cyber career and do not command substantial salaries of their more experienced peers. Often it's about training businesses in the basics, said White.
I've had countless business owners on the phone to me crying their eyes out
"I'm a bakery with smartphones connected to the internet, a shop, a website to sell cakes. How do I set these computers up correctly?"
Frequently, he went on, small businesses like this have launched websites to make the most of through advertising Facebook, Google and Instagram, with no thought to securing the systems.
"They've never actually taken a step back to say, how do I set this up properly?"
The majority of offenders White comes across prey on basic failings, such as weak passwords and admin permissions given to all by default.
"You speak to Joe average small business owner and they're not getting the basics right," said White.
Many people, including young offenders, see low level cyber as a victimless crime, he went on, but that's not the case. It can actually ruin lives and livelihoods.
"I've had countless business owners on the phone to me crying their eyes out, saying 'I can't deal with this, I don't know how to keep them out'. This is a family business and I have to tell friends and family that they can't come to work tomorrow because I don't have a business any more'. So it is very disruptive when it happens."
Cyber crime is the fastest-rising type of criminal activity, he added, so it's important that all organisations understand the basics and ask for help if they need to.