Know your enemy. That’s the key to defending yourself from hackers. The only way forward is a strong defense that anticipates an attacker’s potential routes.
The only way to properly anticipate and prepare is to understand hackers at their very foundations. That’s why I’ve mapped out the mindset of hackers, including their motivations. It’s time to think like a hacker.
Key takeaways:
- Hackers always seek opportunities to exploit and break into businesses’ sensitive data.
- The hacker’s payday from a successful attack can be in the millions of dollars if the data is valuable.
- Prevent attacks by putting good cybersecurity procedures in place and hiring outside experts to audit your security systems.
What Is the Mindset of a Hacker?
Hackers are curious and creative. They approach problems differently than someone looking to thwart them.
While security professionals must think of every variable and seek feedback on their design choices methodically, hackers are flexible and agile when assessing attack vectors and executing plans.
Their pragmatism lets them switch instantly from a closed route to another opportunity.
The bottom line is hackers are always on the lookout for weakness, and it’s not a matter of if — but when — they find those points.
This is why cybersecurity isn’t a “set-it-and-forget-it” issue. It requires constant vigilance: monitoring, upgrading, and utilizing your security infrastructure.
Why Do Hackers Hack: What Motivates a Hacker?
There are several reasons why hackers do what they do. Some reasons are for personal gain, and some are for more altruistic reasons. These are the most common hacker motivators.
- Financial gain
- Corporate espionage
- Political activism
- Revenge
- Boredom
Financial gain
This is the most commonly discussed motivation for hackers. Ever since the beginning of the COVID-19 pandemic, the majority of cybersecurity-related news coverage on hackers dealt with them using ransomware and holding data hostage for money.
Often, hundreds of thousands or even millions of dollars are demanded as ransom. The potential payoffs are huge.
It’s not just ransomware, either. Selling stolen information and credentials on the black market is also a lucrative business.
As of 2020, more than 15 billion credentials were for sale on the dark web for anyone with a cryptocurrency wallet and knowledge of these marketplaces.
Source: Gridinsoft/Digital Shadows
A shockingly high number of individuals (one out of three) don’t change their credentials even after they’ve been alerted to a breach. This means that even after information has been exposed, hackers can count on a third of victims leaving their credentials in place. That keeps the stolen data valuable.
Credentials and ransomware aside, there are many other ways for hackers to make money, including blackmailing companies with exposed sensitive and incriminating information, selling stolen intellectual property, and just draining financial accounts that they access.
Corporate espionage
Hackers aren’t always working on behalf of themselves. In many cases, these attackers are performing corporate espionage. In this case, the ultimate goal is to give other businesses an edge by stealing all kinds of information, including:
- Financial data like market numbers, future planning, and budgets
- Product development timetables
- Proprietary trade secrets and intellectual property, such as schematics and systems
- Customer lists
- Marketing plans
- Executive communications
Hackers do this for financial benefit, but the companies that hire them are in it for so much more. Perhaps they’re looking for a market edge. Other times, they’re looking for incriminating information that can sink their competitors.
Political activism
“Hacktivism” has gained popularity since the 2008 financial crisis, although the concept has existed since the 1980s.
If people think of hacktivists, they may associate the word with groups like Anonymous, which came into prominence during the Occupy Wall Street protests.
Such groups use their skills to enact political and social change by attacking governments, corporate interests, and terrorist groups.
Revenge
Revenge is a potent motivator for cyber sabotage. In the context of businesses, revenge hacks are usually conducted in response to events like firings, budget cuts, and company behavior.
These revenge hacks include:
- Stealing and selling valuable information
- Exposing embarrassing company information to the media
- Locking, encrypting, or crashing workplace devices
- Posting false content to company social media accounts
- Spamming email accounts
This is why insider threats must be taken seriously. Many companies think breaches come from the outside when the most exposed parts of your business are accessible to employees.
Boredom (or notoriety)
Sometimes hackers break into systems because they want to or because they can, and because they want to brag about it afterward. Many hackers like a challenge and, sometimes, breaching your networks, assets, and systems is the perfect cure for a boring afternoon.
A bored hacker can do significant damage to your business.
If notoriety is what they’re chasing, then you can bet that whatever they break into or shut down will get publicized. Even if they don’t take anything, the fact that they got in is all it takes to sink confidence in your brand.
This is especially true regarding distributed denial of service (DDoS) attacks. These kinds of attacks have hit major consumer networks such as Xbox Live, PlayStation Network, and GitHub.
These attacks bring down networks by employing massive botnets ― networks of infected computers ― to flood networks with traffic to deny access to potential outside users.
These attacks aren’t only irritating to customers, but downtime also has the potential to affect revenue streams and consumer confidence.
What Should You Do to Protect Your Business From Hackers?
You can do many different things to protect your business from hackers. Here are a few steps you must take if you even hope to repel half of what’s out there:
- Strengthen your credential requirements.
- Perform an audit of your security strategy.
- Hire a penetration tester.
- Update security tools and patch your network.
- Back up your data.
- Re-evaluate your ethics.
- Embrace a cloud-based security strategy.
Strengthen your credential requirements
According to GoodFirms, 30% of breaches are due to weak credentials and there’s a significant market for hackers to buy and sell such information. This same research found lots of troubling numbers regarding passwords, including:
- 62.9% of respondents only change their passwords when prompted.
- 47.5% of respondents reuse the same password for multiple sites and applications.
- 52.9% of respondents have shared credential information with friends, family, or other coworkers.
- 35.7% of respondents still use sticky notes and other forms of paper notes to jot down their passwords, even after all of these years.
These are staggering yet unsurprising numbers considering the breaches seen in recent years. One way to prevent easy breaches for hackers is to strengthen your credential security by beefing up security policies and instituting identity/password management software.
When establishing strong credential policies, you have to mandate certain character, number, and complexity requirements. Adding numbers and symbols into passwords is a great way to decrease the likelihood that a brute-force attack by botnets succeeds.
Perhaps even prompt your employees to run their password through Security.org’s password checker. Not to worry as they don’t store what you enter.
You’ll also want to create a policy of regular password changes. Once a quarter is common, but that’s not enough. Most employees add a symbol or some other variation to their existing passwords.
While it’s hard to prevent this, it’s important to encourage your employees to come up with original passwords each time they make a change.
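One way to enforce the character requirements above and to reject a new password that is only a variation of the old one, as an added example that is not part of the original article. It assumes the check runs at password-change time, when the user has just typed the current password; the thresholds and function names are illustrative.

```python
import re
from difflib import SequenceMatcher

# Assumed policy values for illustration; the article does not specify any.
MIN_LENGTH = 12
MAX_SIMILARITY = 0.75

# Common character substitutions people use when "varying" a password.
_SUBSTITUTIONS = str.maketrans("@4$5013!7", "aassoleit")


def core(password: str) -> str:
    """Reduce a password to its base word: drop leading/trailing digits and
    symbols, lowercase it, and undo common substitutions."""
    trimmed = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password)
    return re.sub(r"[^a-z]", "", trimmed.lower().translate(_SUBSTITUTIONS))


def check_password_change(old: str, new: str) -> list[str]:
    """Return the policy violations for a proposed password change."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = {"lowercase": r"[a-z]", "uppercase": r"[A-Z]",
               "digit": r"\d", "symbol": r"[^A-Za-z0-9]"}
    for name, pattern in classes.items():
        if not re.search(pattern, new):
            problems.append(f"missing {name}")
    # Compare base words so "Word1" -> "W0rd2!" counts as the same password.
    # Passwords with no letters at all fall back to a raw comparison.
    a = core(old) or old.lower()
    b = core(new) or new.lower()
    if a == b or SequenceMatcher(None, a, b).ratio() > MAX_SIMILARITY:
        problems.append("variation of previous password")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real data set.
    for old, new in [("Autumn-Harvest1", "Autumn-Harvest2!"),
                     ("Password2023!!", "P@ssw0rd2024!#"),
                     ("Autumn-Harvest1", "Quiet!Bicycle-Lamp47")]:
        print(new, "->", check_password_change(old, new) or "accepted")
```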
As for identity/password management, many vendors are out there, including Okta, LastPass, and OneLogin. It’s important to choose a product that offers:
- Multifactor authentication.
- Password policy enforcement.
- Cloud application log-in portals.
- Cloud application integrations.
The combination of these tools and strategies guards your organization’s credentials from outside attackers as well as provides insulation from careless employees leaving their passwords on paper around the office.
Perform an audit of your security strategy
Understanding your security and network architecture is foundational to your fight against hackers. Hackers are always searching for vulnerabilities. When one door shuts, they look for an open window.
This means you have to remain vigilant when it comes to reevaluating and strengthening your security architecture. The first step is auditing your security strategy, which includes:
- Map out your threat surface: Understanding the ins and outs of your organization, including the strengths and weaknesses, gives you a better understanding of what needs updates and support.
- Prioritize all of your assets and risks: Some assets, data, devices, and risks are more important than others. Create a risk assessment matrix to determine where most of your attention should be paid.
- Create new security policies and plans: As with the credentials issue, develop new policies that address the priorities and risks listed in the previous step. Make sure to document all of these policies and plans to instruct your employees on their roles in keeping the business safe from breaches.
Once you’ve worked through these steps, you can either start filling in your security gaps (such as firewalls, intrusion prevention systems, or text message encryption) or get more context with the next suggestion.
Hire a penetration tester
Do you want to know where you’re most vulnerable? Hire a penetration tester — aka an “ethical hacker” — on a contract basis to attack your organization to find all of your weak spots, especially the most dangerous entry points.
After all, who knows what a hacker looks for better than another hacker? There are several types of penetration tests to consider:
- White box: The hacker is provided with some information regarding the target company’s secret information.
- Black box: A “blind” test, this is one where the hacker is given no background information besides the name of the target company.
- Covert: A “double-blind” pen test, this is a situation where almost no one in the company is aware that the pen test is happening. This is usually considered a big “no-no.”
- External: In an external test, the ethical hacker goes up against the company’s external-facing technology, such as their website and external network servers.
- Internal: The ethical hacker performs the test from the company’s internal network. These can be used to simulate attacks from an employee or other kinds of insider threats.
If your security systems are adequate, then alarms go off and mitigation efforts come into play. Once the test concludes, the penetration tester creates a list of recommendations to improve your strategy and bolster your defenses.
Update security tools and patch your network
Chances are that your penetration test leads to plenty of suggestions to update certain cybersecurity software tools and patch vulnerabilities in your network. These can range from performing a simple software update to an antivirus program to overhauling outdated firewalls.
Misconfigurations are also possible even if your software or network is up to date. Maintaining network and security infrastructure is a complicated task requiring a detail-oriented process.
For example, you might be told to close certain network ports that give hackers easy access to your network so they can move laterally to other systems.
Whatever the penetration test recommends you fix, be sure to make those changes as quickly as possible because if an ethical hacker can find the exploit, you can be sure a money-driven hacker can as well.
Back up your data
The reason hackers have so much power over their victims, particularly those affected by ransomware, is the fact that the attacker controls lots of valuable data and systems.
After all, businesses live and die by the information they collect, including personally identifiable information (PII), market reports, sales data, and much more.
Backing up your data in the cloud is a great way to create a stop-gap against hackers looking to hold your information for ransom.
While it’s true that a breach is awful no matter how you slice it, having access to your information steals much of the power a hacker might hold over your business.
Ensure these backups are conducted regularly, ideally in real time as this data is created.
Re-evaluate your ethics
Hacktivism is a real threat. If your business engages in ethically questionable practices, like underpaying employees, hiding scandals, and/or breaking the law, you’re opening yourself up to hacktivist attacks, if not revenge attacks from your employees.
One of my suggestions is “just don’t do bad things.” I get how simplistic that sounds. But it’s hard to expose bad practices if there’s nothing to expose. Just something to consider if you think this might apply to you.
Embrace a cloud-based security strategy
Yes, I’m once again going to recommend adopting a secure access service edge (SASE). The future of security marries the power of a carefully constructed slate of cloud-based security tools with virtual network architecture.
The point of this transition is to fix the pitfalls of the traditional network architecture to create a smart, granular, context-based security environment that follows employees whether they’re at the office, at home, or on the go.
This is important because the COVID-19 pandemic stretched the traditional perimeter to its limits and beyond, leading to a massive increase in breaches.
Using tools like cloud access security brokers, secure web gateways, zero-trust principles, and data loss prevention, companies can control their data and devices from wherever.
These technologies read into the context of situations to determine whether assets are used for work or for nefarious purposes. This way, you can prevent insider threats from exfiltrating data or hackers from damaging your security systems.
While this is still an evolving concept incorporating all these and many other technologies, several security vendors are already constructing their versions of SASE architecture through new software development and vendor partnerships.
Either become an early adopter of this concept or learn as it gains traction.
Looking for Next Steps on Upgrading Your Security?
Now that you better understand what hackers are motivated by and know how to bolster your defenses, you can learn more about protecting your business from hackers by visiting our Cybersecurity Resources for Small Business page.