From malicious insiders to hacktivists: The usual suspects of cyber crime

Cyber attacks make news headlines virtually every day; organisations know the threat is out there and that they need to take action quickly. The reality is that your cyber adversaries are likely already on your network and endpoints, poised to steal your business’ data.

But who are they, and what exactly are they looking for? Today, the opportunities for cyber attack are so broad in scope that adversaries come from a wide range of backgrounds, varying in motive and target.

Together, however, they represent the greatest operational and financial threat that organisations face, so it’s essential that businesses understand what they’re up against.

The following are the four most common cyber adversaries looking to steal your sensitive data:

  • “Nation State”: This category of hacker is directly employed by an arm of a national government and they are typically very well-funded compared to small hactivist groups and individual cyber criminals. These entities are motivated by economic, political, and military advantages. This means that there is potentially much greater damage if they are successful in accessing the data they seek. Nation states are interested in data about critical infrastructure, along with trade secrets, business information and emerging technologies. This can lead to a loss of competitive advantage for the countries or organisations they target, as well as a disruption to critical infrastructure, which may wreak havoc on the general population. Media and cyber-security experts alike list China as the most prolific sponsor of nation state hacking. In attempt to stem the tide, at the end of last year, President Barack Obama and Chinese President Xi Jingping announced they had "reached a common understanding" to curb cyber espionage between China and the United States.
  • “Cyber-Criminals”: The most common adversary thought of when discussing data theft, cyber-criminals seek the immediate satisfaction of a financial payout. They typically target personal and financial information, hoping to exploit or sell the data for their own financial gain. For the individual or organisation targeted, this can result in direct financial loss or legal issues, in the form of lawsuits and regulatory penalties. Above all, a breach caused by a cyber-criminal can cause a loss of confidence and reputational damage, which can be difficult to regain, especially if sensitive customer data has been compromised. One of the most worrying aspects about cyber-criminals is their increasing level of sophistication and organisation. For example, some cyber-crime groups have set up call centres to guide victims through the process of Bitcoin payment and data recovery in ransomware attacks.
  • “Hacktivists”: If you haven’t already guessed by the name alone, hacktivists are activist hackers who are looking to influence political or social groups by pressuring businesses, governments and other entities to change their practices. How do they aim to do this? By attacking organisations and stealing trade secrets or sensitive business information, including data relevant to key leaders, employees, and customers. Hacktivists take advantage of the data to disrupt normal business activities and put the focus and media attention on their own agenda. The target’s reputation is likely to be damaged as a result of this type of attack, which often has a long-lasting effect that extends beyond the initial loss. Arguably, the most well-known hactivist group today is a collective known around the globe as Anonymous.
  • “Malicious Insiders”: Insiders are an often forgotten source of attacks, though they are arguably the most dangerous as they represent trusted employees and partners. Motivated by personal gain, professional revenge, and monetary reward, malicious insiders usually have easy access to the data they are looking to expose or monetise. This typically includes customer data, company financial and salary information, along with employee data, corporate secrets, and notable research that has yet to be released. Like most of the other adversaries detailed above, malicious insiders seek to disrupt business operations and damage the organisation’s brand and reputation. In some cases they may be collaborating with cyber-criminals for personal financial gain.

Protecting against these, and all other types of attackers, requires that organisations focus on improving the security of their sensitive data, rather than simply the network on which it resides. Regardless of whether an attack originates inside or outside the company, businesses must put the processes and technologies in place to prevent attackers from accessing and exfiltrating the company’s data for their own gain.

Now that you know which cyber adversaries to look out for, don’t let their attacks go undetected. Begin by implementing employee awareness training and choosing an appropriate security solution that protects what is most important to your organisation.

With your data protected properly, it won’t matter who you’re up against for your business to remain safe.

Luke Brown, VP and GM EMEA, India and LatAm at Digital Guardian

Image Credit: Shutterstock / CobraCZ