In today’s digital playground, the term ‘hacker’ conjures images of shadowy figures typing away in dark rooms, far removed from the ordinary lives most of us lead. But what if the truth is much more mundane, much closer to home than we’d like to believe?
The personal stories of cybercriminals like Aleks, recently put under the spotlight by Cisco Talos researchers, reveal that they have more in common with the average office worker than meets the eye.
Understanding who hackers are and what motivates them is a cornerstone in developing more effective strategies to protect against the ever-growing wave of cyber attacks.
With this goal in mind, let’s dive into the reality of a hacker’s world, one which may not be as alien as you think, and examine how shifting our perceptions can arm us against them.
Hackers: Not Just Black Hats in Basements
The year is 2024, and cybercrime is expected to levy a staggering $9.5 trillion price tag on the world economy.
But who are these hackers, and what compels them to commit such costly acts? If the case of Aleks and his interactions with the Cisco Talos team is anything to go by, hackers might just be people like us — individuals with family, hobbies, and the mundane pressures of daily life.
The Many Faces of Cybercriminals
The stereotype of the antisocial, hoodie-clad young man doesn’t fit the true diversity of the hacker community.
Much like any other field, it spans a range of ages, genders, and ethnicities. The emerging profile is not just young white men; it also includes women, people of color, and, surprisingly, individuals from affluent backgrounds, not just the disenfranchised.
However, there is a dominant profile of “black-hat” hackers: they are mostly male and under 30, start young, have above-average intelligence, are well educated, and generally do not come from a low socio-economic background.
A Cybercriminal’s Work is Surprisingly Corporate
If the LockBit ransomware operation is indicative of anything, it’s that hacking requires a certain corporate structure.
IT support, customer service, and business development are as integral to the success of a cybercriminal enterprise as they are to any legal business. Yes, these illicit outfits even have press releases and job postings that tout their twisted values.
The Puzzle-Solving Psyche
There’s a common thread that weaves through every hacker’s mind: a love for puzzles and challenges. It’s not just money that drives these individuals; it’s the hunger to do what others cannot, to break what’s deemed unbreakable, especially if the target garners lots of public attention.
Cybersecurity specialist Mark T. Hofmann suggests that even wealthy hackers continue their crimes not out of need, but out of greed.
On the Prevention Frontline: Human Error and Education
Here’s a sobering thought — 90% of cyber attacks succeed because of human error. This is why understanding the hacker mindset is only half the battle.
The real game-changer is educating those who aren’t cyber-savvy — making employees aware that every click, every opened attachment, and every plugged-in flash drive could be an entry point for these digital marauders.
As companies scramble to secure their digital frontiers against these surprisingly ordinary adversaries, it is clear that inspiring cyber hygiene across the workforce is our best defense.
A well-informed employee might just be the key to fortifying our data against the unexpected knock on our network’s door — a knock that might just come from the hacker next door.
Importance of Security Awareness Training
Security awareness training is essential to educate individuals about cyber threats and to prevent or mitigate harm to both the organization and its stakeholders.
Statistics show that 70% of data breaches in 2023 involved human error, with the average cost of a data breach being just under $4.35 million.
Only 11% of businesses provided cybersecurity awareness programs to non-cyber employees in 2020, highlighting the need for broader training.
Seven key reasons for the importance of security awareness training are outlined below:
1. Preventing data breaches and phishing attacks by educating employees on cybersecurity threats.
2. Creating a culture of security within an organization, which is difficult yet essential.
3. Complementing technological defenses against cyber threats, as people operate and maintain these technologies.
4. Reassuring customers and partners about the organization’s commitment to security, thus fostering trust and loyalty.
5. Meeting compliance requirements; however, compliance alone does not equate to actual security.
6. Contributing to social responsibility, as cyber threats can spread and affect a wider network beyond the initial target.
7. Improving employee wellbeing by equipping them with skills to protect themselves in both their professional and personal lives.