Know your enemy.
That’s the key to defending yourself from hackers. I know they say “the best defense is a good offense” but, in this case, there’s no real attack option. The only way forward is a strong defense that anticipates the potential routes an attacker might take.
The only way to properly anticipate and prepare is to understand hackers at their very foundations. That’s why I’ve mapped out the mindset of hackers, including their varying motivations. It’s time to think like a hacker.
What Is the Mindset of a Hacker?
Hackers are curious and creative individuals. They typically approach problems differently than someone looking to thwart them.
While security professionals have to think of every variable and seek feedback on their design choices in a methodical manner, hackers are flexible and agile when assessing attack vectors and executing plans.
Their pragmatism lets them switch on a dime: when one route is closed, they move on to another opportunity.
The bottom line is, hackers are always on the lookout for weaknesses, and it’s not a matter of if, but when, they find them.
This is why cybersecurity isn’t a “set-it-and-forget-it” kind of deal. It requires constant vigilance when monitoring, upgrading, and utilizing your security infrastructure.
Why Do Hackers Hack: What Motivates a Hacker?
Well, there are several reasons why hackers do what they do. Some reasons are for selfish personal gain and some are for more altruistic reasons. These are the most common hacker motivators.
- Financial gain
- Corporate espionage
- Political activism
- Revenge
- Boredom (or notoriety)
Financial Gain
This is the most commonly discussed motivation for hackers. Ever since the beginning of the pandemic, the vast majority of cybersecurity-related news coverage regarding hackers has dealt with hackers using ransomware and holding data hostage for money.
Once you see the hundreds of thousands or even millions of dollars demanded as ransom, you can understand the financial benefits of hacking.
It’s not just ransomware either. Selling stolen information and credentials on the black market is a lucrative business as well.
As of 2020, more than 15 billion credentials were for sale on the dark web, where anyone with a cryptocurrency wallet and a knowledge of these marketplaces could pick up valuable login information.
The worst part about all of this is the shockingly high number (one out of three) of exposed individuals who don’t change their credentials even after they’ve been alerted to a breach. This means that even after information has been exposed, hackers can roughly count on a third of their victims leaving their credentials in place to be sold on the dark web.
Credentials and ransomware aside, there are so many other ways for hackers to make money in their profession, including blackmailing companies with exposed sensitive and incriminating information, stealing intellectual property to sell it, and even just draining financial accounts that they access.
Corporate Espionage
Hackers aren’t always working on behalf of themselves. In many cases, these attackers are performing corporate espionage that, in some ways, falls under the “financial” motivation.
However, in this case, the ultimate goal is to give other businesses an edge in the market by stealing all kinds of information, including:
- Financial data like market numbers, future planning, and budgets
- Product development timetables
- Proprietary trade secrets and intellectual property, such as schematics and systems
- Customer lists
- Marketing plans
- Executive communications
Hackers do this for their own financial benefit, but the competition that hires them is in it for so much more. Sometimes they’re looking for a market edge, and other times they’re looking for incriminating information that can sink their competitors.
Political Activism
“Hacktivism” has gained a lot of steam since the 2008 financial crisis, although the concept has existed since the 1980s.
When most people think of hacktivists they typically associate the word with groups like Anonymous, which came into prominence during the Occupy Wall Street protests.
Groups like Anonymous and other hacktivists use their skills to enact political and social changes by attacking governments, corporate interests, and terrorist groups.
These kinds of hackers aren’t motivated by profit incentives. Instead, they seek change by “punishing” those who they deem to threaten their political and social worldviews. A few good examples include:
- Hackers take on terrorist group ISIS
- Anonymous brings down darknet child pornography solicitors
- Chelsea Manning downloading and exposing civilian casualties in the United States war on terror
These are a few notable examples but there are countless instances of hacktivism that have occurred, especially over the last two decades.
Revenge
Revenge is a very potent motivator for cyber sabotage, whether it’s warranted or not. In the context of businesses, revenge hacks are usually conducted for many expected and unexpected reasons, including firings, budget cuts, unethical company behavior, decline in the quality of work life, and so on.
These revenge hacks include all kinds of attacks, such as:
- Stealing and selling valuable information
- Exposing embarrassing company information to the media
- Locking, encrypting, or crashing workplace devices
- Posting false content to company social media accounts
- Spamming email accounts
This is where the conversations revolving around insider threats must be taken seriously. Many companies think breaches come from the outside when the most exposed parts of your business are accessible by employees.
Boredom (or Notoriety)
We can’t rule out the simple challenge, boredom, or notoriety as a motivator. Sometimes hackers break into systems because they want to, because they can, and because they want to brag about it afterward. Many hackers like a challenge and, sometimes, breaching your networks, assets, and systems is the perfect cure to a boring afternoon.
While this sounds relatively harmless when compared to the axe grinding you’d expect from a slighted employee bent on revenge, a bored hacker can do significant damage to your business.
If notoriety is what they’re chasing, then you can bet that whatever they break into or shut down gets publicized as far and wide as possible. Even if they don’t take anything, the fact that they got in is all it takes to sink the confidence in your brand.
This is especially true in terms of distributed denial of service (DDoS) attacks. These kinds of attacks have hit major consumer networks like Xbox Live, PlayStation Network, GitHub, and many others.
These attacks bring down networks by employing massive botnets (networks of infected computers) to flood them with traffic and deny access to potential outside users.
These attacks aren’t only irritating to customers, but downtime also has the potential to affect revenue streams and consumer confidence.
What Should You Do to Protect Your Business From Hackers?
There are many different things you can do to protect your business from hackers. Here are a few foundational steps you must take if you even hope to repel half of what’s out there.
- Strengthen your credential requirements
- Perform an audit of your security strategy
- Hire a penetration tester
- Update your security tools and patch your network
- Back up your data
- Reevaluate your ethics
- Embrace a cloud-based security strategy
Strengthen Your Credential Requirements
According to GoodFirms, 30% of breaches are caused by weak credentials, and there’s a significant market for hackers to buy and sell credential information. This same research found lots of troubling numbers regarding passwords, including:
- 62.9% of respondents only change their passwords when they’re prompted to
- 47.5% of respondents reuse the same password for multiple sites and applications
- 52.9% of respondents have shared credential information with friends, family, or other coworkers
- 35.7% of respondents still, after all of these years, use sticky notes and other forms of paper notes to jot down their passwords
These are staggering yet unsurprising numbers considering the breaches we’ve seen in recent years. One way to prevent easy breaches for hackers is to strengthen your credential security by beefing up security policies and instituting identity/password management software.
When establishing strong credential policies, you have to mandate minimum length and complexity requirements. Adding numbers and symbols to passwords is a great way to decrease the likelihood that a brute-force attack by botnets succeeds.
Perhaps even prompt your employees to run their password through Security.org’s password checker. Not to worry as they don’t store what you enter.
You’ll also want to create a policy of regular password changes (once a quarter is common), but that’s not enough. Most employees add an additional symbol or some other variation on their existing passwords.
While it’s hard to prevent this, it’s important to encourage your employees to come up with original passwords each time they make a change.
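The policy described above, sketched as an added example (not code from this article or from any vendor it names): a change-password check that enforces length and complexity and also rejects a new password that is only a variation of the old one, which is possible at change time because the form collects the current password in plaintext. `MIN_LENGTH`, `MAX_SIMILARITY`, the substitution table and the function names are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

MIN_LENGTH = 12          # assumed policy value, not taken from the article
MAX_SIMILARITY = 0.75    # assumed cut-off for "too close to the old password"

# Look-alike substitutions people commonly use when "changing" a password.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

def normalize(password: str) -> str:
    """Reduce a password to its memorable core.

    Lower-case it, strip leading/trailing digits and symbols (the usual
    place for a year or an extra "!"), then undo look-alike substitutions.
    """
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return core.translate(LEET)

def check_new_password(old: str, new: str) -> list[str]:
    """Return policy violations; an empty list means the change is accepted."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, new) for c in classes):
        problems.append("missing character class")
    # Compare the normalized cores so that "Summer2023!" -> "Summer2024!!"
    # is recognised as the same password with a new suffix.
    old_core, new_core = normalize(old), normalize(new)
    if old_core and new_core:
        ratio = SequenceMatcher(None, old_core, new_core).ratio()
        if ratio >= MAX_SIMILARITY:
            problems.append("variation of previous password")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    for old, new in [("Summer2023!", "Summer2024!!"),
                     ("Password1!", "P@ssw0rd2024#"),
                     ("Summer2023!", "Velvet-Orbit-61-Cactus")]:
        print(f"{old!r} -> {new!r}: {check_new_password(old, new) or 'accepted'}")
```

The similarity check only works where the old password is available in plaintext, such as a change form that asks for it; stored password hashes cannot be compared this way.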
As for identity/password management, there are lots of vendors out there, including Okta, LastPass, OneLogin, and many others. The important thing is to choose a solution that offers the following features:
- Multifactor authentication
- Password policy enforcement
- Cloud application login portals
- Cloud application integrations
The combination of these tools and strategies guards your organization’s credentials from outside attackers and provides insulation from careless employees leaving their passwords around the office on paper notes.
Perform an Audit of Your Security Strategy
I know this is something I recommend regularly in my content but understanding your security and network architecture is foundational to your fight against hackers. Hackers are always on the prowl for exploits and vulnerabilities. When one door shuts, they go looking for an open window.
This means you have to remain vigilant when it comes to reevaluating and strengthening your security architecture. The first step is auditing your security strategy, which includes:
- Map out your threat surface: Understanding the ins and outs of your organization, including its strengths and weaknesses, gives you a better understanding of what needs updates and support.
- Prioritize all of your assets and risks: Some assets, data, devices, and risks are more important than others. Create a risk assessment matrix to determine where most of your attention must be paid.
- Create new security policies and plans: As with the credential issue, develop new policies that address the priorities and risks listed in the previous step. Make sure to document all of these policies and plans to instruct your employees on their roles in keeping the business safe from breaches.
Once you’ve worked through these steps, you can either start filling in your security gaps with tools such as firewalls, intrusion prevention systems, or text message encryption, or get more context with the next suggestion.
Hire a Penetration Tester
Do you want to know where you’re most vulnerable? Hire a penetration tester (“ethical hacker”) on a contract basis to attack your organization to find all of your weak spots, especially the most dangerous entry points.
After all, who knows what a hacker looks for better than another hacker? There are several types of penetration tests to consider:
- White box: The hacker is provided ahead of time with some of the target company’s secret information.
- Black box: A “blind” test, this is one where the hacker is given no background information besides the name of the target company.
- Covert: A “double-blind” pen test, this is a situation where almost no one in the company is aware that the pen test is happening. This is usually considered a big “no-no.”
- External: In an external test, the ethical hacker goes up against the company’s external-facing technology, such as their website and external network servers.
- Internal: Ethical hacker performs the test from the company’s internal network. These can be used to simulate attacks from an employee or other kind of insider threat.
If your security systems are adequate, then alarms go off and mitigation efforts come into play. Once the test concludes, the penetration tester creates a list of recommendations to improve your strategy and bolster your defenses.
Update Your Security Tools and Patch Your Network
Chances are that your penetration test leads to plenty of suggestions to update certain cybersecurity software tools and patch vulnerabilities in your network. These can range from performing a simple software update to an antivirus program to overhauling outdated firewalls.
Even if your software or network is up-to-date, misconfigurations are also a possibility. Maintaining network and security infrastructure is a complicated task requiring a detail-oriented process.
For example, you might be told to close certain network ports that give hackers easy access to your network so they can move laterally to other systems.
The point is, whatever the penetration test recommends you fix, be sure to make those changes as quickly as possible because if an ethical hacker can find the exploit, you can be sure a money-driven hacker can as well.
Back Up Your Data
The reason hackers have so much power over their victims, particularly those affected by ransomware, is the fact that the attacker holds control over lots of valuable data and systems.
After all, businesses these days live and die by the information they collect, including personally identifiable information (PII), market reports, sales data, and much more.
Backing up your data in the cloud is a great way to create a stop-gap measure against hackers looking to hold your information for ransom.
While it’s true that a breach is awful no matter how you slice it, still having access to your information steals a lot of the power a hacker might hold over your business.
Make sure these backups are conducted on a regular basis, ideally in real-time as this data is created.
Reevaluate Your Ethics
Hacktivism is a real threat. In some ways, you can’t please everyone. But if your business is engaging in ethically questionable practices, like underpaying employees, hiding scandals, and/or breaking the law, you’re opening yourself up to hacktivist attacks, if not revenge attacks from your own employees.
One of my suggestions is “just don’t do bad things.” I get how simplistic that sounds. Hard to expose bad practices if there’s nothing to expose. Just something to consider if you think this might apply to you. If not, then you’re pretty much in the clear on that front.
Embrace a Cloud-based Security Strategy
Yes, I’m once again going to sing the song of adopting Secure Access Service Edge (SASE). It’s the future of security that marries the power of a carefully constructed slate of cloud-based security tools with virtual network architecture.
The point of this transition is to fix the pitfalls of the traditional network architecture to create a smart, granular, context-based security environment that follows employees whether they’re at the office, at home, or on the go.
This is so important because the COVID-19 pandemic has stretched the traditional perimeter to its limits and beyond, leading to a massive increase in breaches.
Using tools like cloud access security brokers, secure web gateways, zero trust principles, data loss prevention, and many others, companies can maintain control over their data and devices from wherever.
These technologies read into the context of situations to determine whether assets are being used for work needs or for other nefarious purposes. This way, you can prevent insider threats from exfiltrating data or hackers from bringing down your security systems.
While this is still an evolving concept incorporating all of these and many other technologies, several security vendors are already constructing their versions of secure access service edge (SASE) architecture through new software development and vendor partnerships.
Either look to become an early adopter of this concept or keep your ear to the ground as it gains traction.
Looking for Next Steps on Upgrading Your Security?
Now that you better understand what hackers are motivated by and know a way forward to bolster your defenses, you can learn more about protecting your business from hackers by visiting our Cybersecurity Resources for Small Business page.