Meet the Bad Guys After Your Data


Cyber attacks make news headlines virtually every day; businesses and organizations know the threats are out there and that they need to take action quickly because threats are growing in both number and scope of complexity. The reality is, however, that the “bad guys” are likely already on your network and endpoints, poised to steal your business’s data.

But who are they, and what exactly are they looking for? These adversaries come from a wide range of backgrounds, varying in motive and target, but they all represent the major operational and financial threats that organizations face today.

The following are four examples of the most common types of adversaries looking to steal your sensitive data:

1. “Nation State”: This category of hacker is directly employed by an arm of a national government and is typically very well-funded relative to small hacktivist groups and individual cyber-criminals. These entities are motivated by economic, political, and military advantages, increasing the impact of the damage that is possible if they are successful in accessing the data they seek. Nation states are interested in data about critical infrastructure, along with trade secrets, business information, and emerging technologies. This can lead to a loss of competitive advantage for the countries or organizations they target, as well as a disruption to critical infrastructure, which may wreak havoc on the general population. Media and cybersecurity experts alike list China as the most prolific sponsor of nation state hacking. In attempt to stem that tide, President Barack Obama and Chinese President Xi Jinping announced they had “reached a common understanding” to curb cyberespionage between China and the United States in September 2015.

2. “Cyber-Criminals”: The most common adversary thought of when discussing data theft, cyber criminals seek the immediate satisfaction of a financial payout. They typically target personal and credit information, including PII, PCI, and PHI, hoping to exploit the data for their own financial gain. For the individual or organization targeted, this can result in direct financial loss or legal issues, in the form of lawsuits and regulatory penalties. Above all, a breach caused by a cyber-criminal can cause a loss of confidence for the organization, which can be difficult to regain, especially when customer data has been compromised. One of the most worrisome aspects about cyber-criminals is their increasing levels of sophistication and organization. For example, some cyber-crime syndicates use underground call centers to guide victims through the process of Bitcoin payment and data recovery in ransomware attacks.

3. “Hacktivists”: If you haven’t already guessed by the name alone, hacktivists are hackers looking to influence political or social change by pressuring businesses, governments and other entities to change their practices. How do they aim to do this? By attacking the organization’s secrets and business information, including data relevant to key leaders, employees, and customers. Hacktivists take advantage of the data to disrupt normal business activities and put the focus (and media attention) on their own agenda. The target’s reputation is likely to be damaged as a result of this type of attack, which is often a long-lasting effect that extends beyond the initial loss. Arguably, the most well know hacktivist group today is a collective known around the globe as Anonymous.

4. “Malicious Insiders”: Insiders are an often forgotten source of attacks, though they are arguably the most dangerous as they represent trusted employees and partners. Motivated by personal gain, professional revenge, and monetary reward, malicious insiders usually have easy access to the data they are looking to expose or monetize. This typically includes customer data, company financial and salary information, along with employee data, corporate secrets, and notable research that has yet to be released. Like most of the other adversaries detailed above, malicious insiders seek to disrupt business operations and damage the organization’s brand and reputation. In some cases they may be collaborating with cyber-criminals for personal financial gain.

Protecting against these, and all other types of attackers, requires that organizations focus on improving the security of their sensitive data, rather than simply the network on which it resides. As solutions such as Data Loss Prevention continue to come back into the limelight, businesses are starting to see that regardless of whether an attack originates inside or outside the company, they have the ability to prevent the attacker from accessing and exfiltrating the company’s data for their own gain.

Now that you know which bad guys to look out for, don’t let their attacks go undetected. Begin by implementing employee awareness training and choosing an appropriate security solution that protects what is most important to your organization. With your data protected properly, it won’t matter which bad guys you’re up against for your business to remain safe.

Ken Levine is the President and CEO of Digital Guardian. Follow @DigitalGuardian

Trending on Xconomy