Thoughts of a cyber-criminal: what does he look for and why has he chosen your enterprise?

One of the first steps to take to ensure that your personal information is unavailable is to try to understand the reasons that lead hackers and cyber criminals to do what they do: what are their motives? Politics? Money? Glory? Or is it just confidence that they will get away with it? What influences their actions and possible actions?

What drives a hacker?
')
Considering the importance of getting answers to these questions, Thycotic, a cyber security company, interviewed 127 hackers at the Black Hat USA conference in 2014.

51% of respondents said that their main motivation was “Search for emotions”, while 18% answered that they were motivated by money. According to the report, this shows that "modern hackers are curious enough, they are bored and they want to test their abilities."

To better understand this information, we need to consider it within our context: only some of those who are responsible for carrying out cyber attacks really belong to hackers, while the rest are ordinary cyber criminals who are looking for an easy way to make money. using your attacks.

The vast majority of them (to be more precise, 86%) were also convinced that they would not be held accountable for carrying out their cyber attacks, and therefore they boldly continued to carry out their malicious actions. The conclusion of the study is as follows: “The number of attacks carried out is significantly higher than the level of monitoring systems. Today's hackers are better suited than ever before, and this allows them to carry out numerous attacks on various systems, increasing the success of their actions without increasing the degree of risk. ”

Three reasons to target your business

1. Personal challenge : they carry out these attacks, treating them as a personal challenge to show off to other hackers or simply prove something to themselves. This does not mean that there is no element of danger from such attacks.
2. Personal benefits : as we mentioned above, many cyber attacks (most of the most important attacks) are carried out in order to steal personal data or money.
3. One of the forms of vandalism : sometimes this is done simply to sow chaos (causing accidents of IT systems, etc.), and in other cases there is a certain political aspect (“hacktivism”) among the causes of the attack, as, for example, case of hacker groups that worked under the name Anonymous.



How do they choose the victims?

In the case of information theft, 40% of hackers surveyed stated that their main goal was to find the “weak link in the chain” of the enterprise, the so-called executor. This person may not always have access to the corporate network, but hackers like it when they are not subject to all corporate security policies , and therefore they become a significant goal.

Another 30% showed that their main goal was IT administrators - people with direct access to servers and systems where a large amount of confidential information is stored, relating, for example, to customers or users. This means that when a hacker has gained control of access codes, he can easily and quickly take control of the entire system.

How to protect yourself from attack

Many hackers and cyber criminals are forced to overcome traditional anti-virus systems when they perform their attacks: systems that are not able to adapt to the continuous evolution of cyber attacks.
Currently, there are already security solutions on the market that are able to block applications based on an analysis of their behavior in real time, which allows you to close the "window of opportunity" for malware.