British Airways and Facebook have hit headlines recently when they became the latest in a long list of high-profile organisations to fall victim of a data breach at the hands of malicious hackers. Events like these inflict significant reputational damage on brands involved, while the customers affected face inconvenience, and perhaps more importantly, stress and uncertainty over what it really means for them personally.
But what about the hackers? What do they stand to gain from an attack like this? And who are this mysterious new breed of cyber criminals?
It’s child’s play
I personally started hacking at the age of eleven. It really stemmed from curiosity and a healthy appetite for mischief. While my first ‘hack’ involved a soldering iron and a friend’s Sony Walkman, I quickly moved onto modems, dial-ups and into the systems of a couple of companies – notably one of the ‘big four’ consultancy firms, which subsequently recruited me to help set up the UK’s first ethical hacking department.
My first forays into hacking were in the early days of the internet, but today there is a generation of talented, curious young people who are growing up living and breathing technology. They are pushing the boundaries of technology, finding flaws in existing systems and connecting with likeminded people anywhere else on the planet. Businesses today face the challenge of harnessing this talent in a positive way, and make helping their business through ‘white hat’ hacking a more attractive proposition than going down the ‘black hat’ malicious hacking route.
The human target
Hollywood movies have created a common idea that hacks involve sneaky individuals getting into systems by hacking direct into the machines themselves in the dead of night. This is no longer the case. Hackers today typically don’t attack computers directly. Computers are hard targets with solid defences, so instead they go for the weak link – the people who use them.
The vast majority of cyberattacks against companies are human-targeted attacks. Unlike machines, people are vulnerable to psychological trickery. Hackers can directly target people inside a company, and by tricking them into opening emails or revealing insufficiently secure passwords, they can then use tools like spyware and malware to take control of systems from wherever they are in the world.
Infiltrating the inbox
Email-based hacking is the fastest growing form of cybercrime. It was the mechanism used by Russian Hackers in 2016 to compromise Hilary Clinton’s campaign HQ, sending emails targeting Jon Podesta and other high-ranking officials to get spyware into the DNC computer system.
While businesses can invest a lot of money to create secure systems, you are only as strong as your weakest link, and unfortunately these systems are used every day by humans. It is vital that employees are urged to stay vigilant and trained in best practices, because it only takes one cleverly worded email for hackers to attack your system from the inside out.
It’s not all about the money
When we see stories like the British Airways data breach in particular, it is very easy for us imagine why someone would want access to more than 300,000 people’s credit card details. This leads many business leaders – particularly those running smaller companies or firms who aren’t directly processing payments – to fall into the trap of thinking ‘nobody would care about our data’ and subsequently take a lax view when it comes to cybersecurity.
While some hackers are of course intent on major financial fraud, that is not the only motivation. Some are intent on little more than mischief, while other might have a personal reason for targeting a particular company, such as ‘hacktivists’ hitting organisations because of a political or social motivation.
The reality of today’s digital world is that your data is your business. Customers, staff and partners trust you with their invaluable data every day, so you owe it to them to keep it safe from the threat of hackers or that trust could quickly disappear.
Tayo Dada is a cyber security expert and the founder of Uncloak.io, the world’s first blockchain powered cyber security solution.
Image credit: Pixabay/Pexels