Cyber criminals are increasingly using complex and sophisticated attack methods to target businesses of all sizes and their leaders. While some cyber criminals attack for political gain, others pursue notoriety by seeking to either leak or expose the personal and/or private data instead. This pursuit offers cyber criminals the heady mix of financial gain and lofty status amongst their peers.
While some hackers, such as ethical hackers (White Hat hackers) who gain access to systems with the purpose of fixing the identified weakness, aren’t at the top of the danger list, who are the cyber criminals to watch out for are why are they attacking businesses?
“A hacker is an individual who uses computer, networking or other skills to overcome a technical problem. The term hacker may refer to anyone with technical skills, but it often refers to a person who uses his or her abilities to gain unauthorised access to systems or networks in order to commit crimes. A hacker may, for example, steal information to hurt people via identity theft, damage or bring down systems and, often, hold those systems hostage to collect ransom.”
The hackers to be wary of:
Criminals: Cyber criminals are the most common form of attacker. Often referred to as a ‘Black Hat hacker’, this is a person who gets unauthorised access to a computer system, and is primarily motivated by money. They are looking to steal corporate data, money, and anything that can be valuable. Their attack methods are usually varied and ingenious, and continually look for ways to exploit systems and people. Malware and ransomware are two popular and effective methods.
Script kiddies: Similar to the above, but non-skilled, whereas a proper cyber hacker is very skilled. A script kiddie uses already-made tools to get access to computer systems instead.
Hacktivists: Motivated by ideologies, religion, politics or personal principles, hacktivists usually operate by hijacking websites and leaving messages on them. You’ve probably seen the ‘Anonymous’ group… Hacktivists have extensive resources and are driven by a strong purpose.
Uninformed: Thrill-seekers, simply hacking for the fun of it, are usually young people sat in their bedroom, with little interest or regard over the consequences caused by their hack. They rarely understand the disruption and financial loss involved, or simply don’t care.
Nation States: Less known to target businesses, Nation States, or nation backed hacking, still pose a threat to be aware of, particularly for larger and well-known businesses, or those who have Government contracts. Intelligence agencies have also been known to target high-profile business people or brands who have denounced the State. As expected, Nation States have a lot of resources and capabilities in their armoury.
how to use this information
Businesses need to understand the risks facing them and the people who would want to exploit them. Taking a bigger interest in not only the types of cyber security threats but also the people behind them will provide a much better understanding of what you are up against and what measures need to be implemented to Mitigate against them.
You can also use this information to think about any areas of the business that would present a good target for the different hacker types and make sure they are not vulnerable – whether that is sensitive financial information, personal customer data, Government contracts, or something else. Identify what cyber criminals would want to exploit and ensure they can’t.
The obvious area to address is any weaknesses from a technology point of view, but good cyber governance, processes and employee education are just as powerful when it comes to iron-tight defences.
Cyber crime has been continually on the rise over the last decade, and will continue to do so as more and more things go online. Being aware of who is looking to exploit you is a good step in understanding the risks and being prepared for them.
Mitigate Cyber are cyber security specialists with experience in supporting businesses of all sizes in improving their organisational security. If you feel you may be a target for one of the above groups, our team would be more than happy to discuss what measures you could put in place to mitigate risk.