Although a lot of literature has been written about the technical aspects of securing a network, not much is available about who your enemies are and what motivates them to attack. Before you can determine how to protect your organization, you must learn to think like a hacker, figure out where you’re vulnerable, and then develop a game plan to reduce your exposure. If you can understand who would want to do you harm and what can be gained from such harm, you can better protect your company and your information. Make the following assumptions:
- You do have professional adversaries.
- You are on their target list.
- You will be attacked some day.
- You cannot afford to be complacent.
The motivations of attackers can be varied and complex. Hackers are often motivated, in part, by their invisibleness. Today’s more sophisticated hackers are often also motivated by the prospect of a big payday. On the Internet, a hacker can “peek” into a company’s private world—its network—and learn a lot while remaining anonymous.
Some individuals are just curious to see what they can learn about your company or individuals within your company. These hackers often don’t have any malicious intent and are unaware that their actions violate security policy or criminal codes. That does not mean that these casual hackers are any less dangerous, however.
Other hackers are simply trying to help. You’ve probably been in this category once or twice yourself. In your zeal to be helpful, you bypass security policies to fix problems or accomplish emergency assignments. You might even believe that your efforts are more efficient than following established guidelines and policies. Nevertheless, the bypassing of known security policies is one element of hacking a network.
Some individuals act with malicious intent, engaging in acts of sabotage, espionage, or other criminal activities. They can become moles, stealing information to sell to competitors or foreign groups. Some simply enjoy destroying the work of others as well as their own work. Others act out of revenge for a real or perceived wrong committed against them, or believe they are acting in line with a strongly held belief system. Still others are more methodical and hardened and turn hacking into a career; they might even take employment just to do your company harm.