Corporate Cybercrime - A Hacker’s Point Of View

Uploaded on 2018-10-18 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

British Airways and Facebook have hit headlines recently when they became the latest in a long list of high-profile organisations to fall victim of a data breach at the hands of malicious hackers.  Events like these inflict significant reputational damage on brands involved, while the customers affected face inconvenience, and perhaps more importantly, stress and uncertainty over what it really means for them personally.

But what about the hackers? What do they stand to gain from an attack like this? And who are this mysterious new breed of cyber criminals?

It’s Child’s Play
I personally started hacking at the age of eleven. It really stemmed from curiosity and a healthy appetite for mischief. While my first ‘hack’ involved a soldering iron and a friend’s Sony Walkman, I quickly moved onto modems, dial-ups and into the systems of a couple of companies – notably one of the ‘big four’ consultancy firms, which subsequently recruited me to help set up the UK’s first ethical hacking department.
My first forays into hacking were in the early days of the internet, but today there is a generation of talented, curious young people who are growing up living and breathing technology. 
They are pushing the boundaries of technology, finding flaws in existing systems and connecting with likeminded people anywhere else on the planet. Businesses today face the challenge of harnessing this talent in a positive way, and make helping their business through ‘white hat’ hacking a more attractive proposition than going down the ‘black hat’ malicious hacking route.

The Human Target
Hollywood movies have created a common idea that hacks involve sneaky individuals getting into systems by hacking direct into the machines themselves in the dead of night. This is no longer the case. Hackers today typically don’t attack computers directly. Computers are hard targets with solid defences, so instead they go for the weak link – the people who use them.
The vast majority of cyberattacks against companies are human-targeted attacks. Unlike machines, people are vulnerable to psychological trickery. Hackers can directly target people inside a company, and by tricking them into opening emails or revealing insufficiently secure passwords, they can then use tools like spyware and malware to take control of systems from wherever they are in the world.

Infiltrating the InBox
Email-based hacking is the fastest growing form of cybercrime. It was the mechanism used by Russian Hackers in 2016 to compromise Hilary Clinton’s campaign HQ, sending emails targeting Jon Podesta and other high-ranking officials to get spyware into the DNC computer system.

While businesses can invest a lot of money to create secure systems, you are only as strong as your weakest link, and unfortunately these systems are used every day by humans. It is vital that employees are urged to stay vigilant and trained in best practices, because it only takes one cleverly worded email for hackers to attack your system from the inside out.
It’s not all about the Money

When we see stories like the British Airways data breach in particular, it is very easy for us imagine why someone would want access to more than 300,000 people’s credit card details. This leads many business leaders – particularly those running smaller companies or firms who aren’t directly processing payments – to fall into the trap of thinking ‘nobody would care about our data’ and subsequently take a lax view when it comes to cybersecurity.

While some hackers are of course intent on major financial fraud, that is not the only motivation. Some are intent on little more than mischief, while other might have a personal reason for targeting a particular company, such as ‘hacktivists’ hitting organisations because of a political or social motivation.

The reality of today’s digital world is that your data is your business. Customers, staff and partners trust you with their invaluable data every day, so you owe it to them to keep it safe from the threat of hackers or that trust could quickly disappear.

By Tayo Dada: Cyber security expert and the founder of Uncloak.io, the world’s first blockchain powered cyber security solution.

Management Today:

You Might Also Read:

How To Hack the Hackers: The Human Side Of Cybercrime:

 

« Blockchain As A Service Market To Reach $7 Billion
Lesser Skilled Cybercriminals Adopt Nation-State Hacking Methods »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Defense Advanced Research Projects Agency (DARPA)

Defense Advanced Research Projects Agency (DARPA)

DARPA's mission is to develop breakthrough technologies for national security. The Information Innovation Office undertakes cyber security activities.

Cybsecurity Foundation (CSF)

Cybsecurity Foundation (CSF)

Cybsecurity is a non-profit NGO, which aims to work on improvement of security levels in the Polish cyberspace.

InfoSec World

InfoSec World

InfoSec World conference and expo covers all aspects of information security with a broad agenda of sessions on key security issues.

Cyber Security Capital (CS^)

Cyber Security Capital (CS^)

Cyber Security Capital is a consultancy helping to mobilise and empower individuals, corporate leaders and entrepreneurs in cyber security.

Cyber Risk & Insurance Forum (CRIF)

Cyber Risk & Insurance Forum (CRIF)

CRIF helps organisations understand cyber risks and the damage that might occur by supporting the development of effective insurance solutions.

BetterCloud

BetterCloud

BetterCloud puts IT in control of the modern workplace through user lifecycle management, data discovery, and IT and security automation purpose-built for SaaS.

Government Communications Security Bureau (GCSB)

Government Communications Security Bureau (GCSB)

GCSB contributes to New Zealand’s national security by providing information assurance and cyber security to the New Zealand Government and critical infrastructure organisations.

VaultOne

VaultOne

VaultOne is a next-generation security solution that addresses security issues from different domains (Password Manager, Secure Access, PAM, Identity Management) as a single, integrated solution.

International Cybersecurity Institute (ICSI)

International Cybersecurity Institute (ICSI)

ICSI is a UK company offering specialized and accredited professional qualifications in cybersecurity for young IT graduates as well as mature professionals.

LinkShadow

LinkShadow

LinkShadow is a next-generation cybersecurity solution that provides unparalleled detection of even the most sophisticated threats.

Agio

Agio

Agio is a hybrid managed IT and cybersecurity provider servicing the financial services, health care and payments industries.

DKBInnovative

DKBInnovative

DKBinnovative is a best-practice driven IT management firm that provides secure, reliable IT solutions to productivity-focused clients around the globe.

Cider Security

Cider Security

Cider Security - It’s time to revolutionize the way Security, Dev and DevOps teams work together to supercharge security at the speed of engineering.

Security Compliance Associates (SCA)

Security Compliance Associates (SCA)

The sole focus of SCA is safeguarding critical information and complying with information security regulations.

Disecto Technologies

Disecto Technologies

At Disecto, we provide SaaS based Data Discovery, Classification and a remediation solution for data privacy compliance.

Cloudsmith

Cloudsmith

Cloudsmith is the only cloud-native, global, universal artifact management platform for securely developing and distributing software.