According to the report, 36% of users at Hackforums were likely women, based on their use of language, and 30% of XSS forum users, a Russian language cybercrime forum, were reportedly women.
In recent years, there has been a shift toward increased gender equality in underground cybercriminal forums. This stands in stark contrast to the more male-dominated cybersecurity industry, where women continue to face significant barriers to entry and advancement.
A recently published study by Trend Micro pushes forward a similar finding wherein at least 30%, if not more, of cybercriminal forum users, are women. Although the methodology used makes the results of the study somewhat unreliable, the report itself recognizes this.
Trend Micro inspected five English-language cybercrime forums: Sinister, Cracked, Breached, Hackforums, and (now defunct and seized) Raidforum, as well as five Russian-language sites: XSS, Exploit, Vavilon, BHF, and WWH-Club.
Since these sites are frequented by largely anonymous users, tools such as Semrush and uClassify’s Gender Analyzer V5 were used to estimate the number of female users.
According to the report, 36% of users at Hackforums were likely women, based on their use of language, and 30% of XSS forum users were reportedly women, based on the same analysis. At first glance, these numbers indicate that cybercriminal forums are more meritocratic than the white hat world, but this article will delve deeper to understand the reasons behind this difference.
One reason for the gender diversity in cybercriminal forums is that these groups are often more decentralized and less hierarchical than traditional workplaces. This can make it easier for women to participate and contribute their skills without fear of discrimination or harassment.
It is important to understand that these forums have traditionally been male-dominated spaces where men exchange information, tools, and services related to cybercrime.
However, with the increased diversity in the cybersecurity industry over the years, more women have entered the field. As a result, there are now more women who possess the skills and knowledge necessary to participate in these forums.
But why is gender diversity not growing at an equal rate in the cybersecurity workforce? The reasons for this gender gap are complex and multifaceted. Women face a range of barriers to entry, including unconscious bias, stereotypes, and a lack of female role models and mentors in the industry. Additionally, the highly technical and male-dominated culture of cybersecurity can create a challenging environment for women to thrive.
According to a 2022 report from Cybersecurity Ventures, women make up just 25% of the cybersecurity workforce, with even lower numbers in leadership roles. This gender gap is especially concerning, given the increasing demand for cybersecurity professionals and the potential consequences of a lack of diversity in this field.
One of the most significant reasons for the increase in the number of female users on cybercriminal forums is anonymity, which can be empowering for women who may face discrimination or harassment in the workplace.
In an underground cybercriminal forum, participants are judged solely on their skills and contributions, rather than their gender or other personal characteristics. This creates a level playing field where women can demonstrate their expertise and gain respect from their peers. As a result, women who seek out a gender-anonymous space have been increasingly drawn to these forums.
Lastly, the rise of cryptocurrencies has made it easier for women to participate in these forums. Traditionally, cybercriminals have used traditional payment methods, such as wire transfers or PayPal, to exchange money for tools and services.
However, these methods are often difficult for women to use, as they may not have access to a bank account or a credit card. Cryptocurrencies, on the other hand, can be easily obtained and used anonymously, making it easier for women to participate in these forums.
What all of this proves is that women are not absent from the cybersecurity industry, but rather likely to be on the wrong side of it. Efforts to address gender inequality in cybersecurity are underway, with initiatives such as Women in Cybersecurity (WiCyS) and the National Cyber Security Centre’s CyberFirst Girls competition aimed at encouraging more women to pursue careers in this field.
However, progress has been slow, and it will likely take a concerted effort from the industry as a whole to truly move the needle on gender diversity. By addressing the underlying barriers to entry and fostering a more inclusive culture, we can create a more equitable and effective cybersecurity workforce where women with a passion for cybersecurity become a valuable part of the industry.