Cyber security – the 6 + 1 types of attackers

There is always talk about cyber security.   It is an ongoing conversation that has a number of levels.   The security experts have a totally different language than the small and medium business owners and not for profit organisation managers when it comes to discussing how you are going to protect your assets.

The problem with these discussions is that business does not understand the levels and groups that the attackers come in.   Each level has their own level of attack and their own levels of motivation.   Lets briefly discuss each one:

Script kiddies

These are at the bottom scale of the bad guys tree.   They’re are the school kids or collage students who are doing it on a dare, peer group pressure or the social outcasts who are targeting their tormentors.   They use programs (scripts) that have been developed by others and then downloaded to gain notoriety and fame. This group comprises the majority  of hackers on the Internet.

The hacking group

Best described as a loose group of script kiddies.   They are more powerful than the standard script kiddies because the are numerous and attack individuals in a concerted effort.  Protection from this level of attack comes down to vigilance and patching.   They use exploits that have been publicised as their attack vector.   Patch the hole, protect the business.

Hactavists

These are a hacking group with a political or social agenda.   Their attacks are similar to the hacking group but they are very targeted, very focused and can be very damaging for the targeted organisation.

Professionals

This is by far the most dangerous group of hacking individuals and they will be the most destructive and focused in the future.   They possess expert coding skills and they are targeting organisations for information.   They tend to leave little trace of what they have done, what they have stolen and worst of all how they got in.

SME organisations will be targeted as a path to higher and more important organisations through low level targeting.

For instance.   I am a sub contractor for a government department, I invoice the department for work done.   I have told the world through press releases and write up in the web sites that we have won a contract to do something.   As a professional hacker, I target your system and gain access.   With that access I send an infected email (fake invoice, spreadsheet) to the government department this in turn is opened and now infects the department.   You have unwillingly become an attack vector for a professional hacker.

Criminals

The virtualise criminal gang are after what all criminal gangs are after, money and power.   They use sophisticated systems and expert coders to achieve this outcome.   Some criminal enterprises are so subtle that the infected parties do not know that they are part of a criminal enterprise.

They attack in similar ways to the professional hacker as they have highly educated and laser focused to achieve their aims.   These are the group who are targeting payment gateways and online stores.

Countries

These are the attackers who have been coerced or volunteer to help their nation gain access to other countries information.   They are at the top of the hacking tree as they not only have the education but also the financial backing to target other nations.    Little is known about these hackers but they are an emerging threat.

Automatic tools.

These are usually the first indication that you organisation is being targeted by a cyber attack.    These will be the future attack vector of all of the above criminal types.   They are easy to create, easy to release and hard to counteract making them the first point of attack for any cyber attacker.

Businesses can limit their vulnerability by recognising the threats and putting simple safeguards in place.

1) Ensure computers run up-to-date software. Patching of hardware and software reduces the number of vectors that can be used in an attack.

2) Educate users about good security practises.   Complicated password, security policies and procedures make this easier.

3) Mums the word dont let secrets spill.   Keep social media under control.

4) Test yourself, fix, then test again.   Implement protection, test, secure and test again.   Document changes.

5) Put decent barriers in place (technology hardware and software)

6) Hire an expert to help

 

Let’s talk about business security!

Let’s talk about protecting your business assets, including data, staff, intellectual property and customer information!

Let’s talk about ICT outsourcing and managed technical support!

Roger Smith has been in the computing, ICT and the business security space for more than 20 years.   His time has been devoted to helping his clients to create a secure and stable working environment.   This allows them to do business without the added problems associated with ICT issues.  He has also been helping his clients through his managed IT services, his security system design and by helping them to create a resilient business.

Want to create a more secure business environment so that they can become compliant, certified and cyber resilient.  A whole of business security course (The S.M.A.R.T Course) for small and medium business and not for profit organisations.

Follow – web site Twitter LinkedIn

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.

Leave a Reply