Cybersecurity for Busy Executives – The Different Types of Attackers

81% of large companies have reported a cyber breach at some point, and the average cost of a breach is between £600k and £1.15m.[1]

‘Nearly half of UK businesses identified at least one cyber security attack in 2016, according to UK government data.’[2]

In order to defend your organisation from cyberattacks, it is worth understanding the different profiles of attackers because some organisations will only be randomly targeted, whereas others, particularly large multi-national corporations, will be targeted specifically.  In order to protect your organisation as well as possible, it is important to understand the motives of the different types of potential attackers.  Each type will also likely use different methods of attacking your organisation and we will discuss different attack methods later in the series.

Broadly, there are the following types of attackers:

1.     Cyber criminals

2.     State Sponsored

3.     Industrial Competitors

4.     Hackers

5.     Hacktivists

6.     Employees

We will now explore each one in more detail:

1.     Cyber Criminals.    This type of attacker has become far more prominent over the past 5 years since traditional criminals have realised it is easier to make money illicitly through cybercrime than traditional crime, and they are also less likely to get caught.  Issues around jurisdiction also mean that it is far harder to catch and bring charges against people who are committing cybercrime.  These types of hackers will generally commit fraud, look to redirect funds, or make money from selling individuals’ or companies’ financial and sensitive personal data.  Ransomware is also a common method.  Potential attackers have access to an entire ecosystem of tools which can be rented or purchased to help facilitate different types of attacks.  They are based all around the world, but there is a prominence in Eastern Bloc countries where there is a high standard of computer programming and a tendency to turn a blind eye to the state.

Their characteristics are as follows:

2.     State Sponsored.  These attackers are often linked to Industrial Competitors (below) and have overlapping goals, including spreading misinformation, facilitating economic instability, gaining economic advantage and stealing Intellectual Property.   They are:

3.     Industrial Competitors.  This group is more interested in gaining economic advantage for their own company and stealing Intellectual Property.  A recent study puts the cost of cybercrime at $24 billion to $120 billion in the U.S. and up to $1 trillion globally.[3]

4.     Hackers.  This is a wide range of individuals and they will often work for some of the other types of attackers, and also draw some of their tools from the other groups.  These are often individuals who see breaking into an organisation as an intellectual challenge.  Often this is just a hobby for some, but for others they want to gain notoriety and to increase their standing within the hacking community, who communicate through forums and message boards.  State sponsored hackers often make some of their tools available for the rest of the Hacking community.  The two different types are:

a.     Hobbyist.  Often known as ‘script kiddies.’ 

b.     Professional Mercenary.  Can evolve from the ‘Hobbyists’ in order to make money.

5.     ‘Hacktivists.’  These are usually Hackers who are ideologically motivated, anarchists or anti-capitalists.  They usually attack companies or Governments for political or ideological reasons.  They attack commercial entities for anti-capitalist reasons or if they disagree with how the corporation behaves and what they stand for.  They may also be disaffected by social and economic inequality.

6.     Employees.  These can be malicious employees acting as insiders or those making errors accidentally.  We will mainly focus on malicious insiders in this instance.  This is more commonly known as the ‘Insider Threat,’ encompassing all threats from employees, malicious or accidental, and is often the largest vulnerability to any organisation.  The contrast is between employees supplying information unwittingly to hackers who wish to gain access to the company’s IT estate and data, and disaffected employees who are maliciously stealing data or assisting hackers in their attempts to access the organisation’s IT estate and data.  We will discuss this in more detail in later blogs, but organisations with strong cultures, where employees genuinely buy into company goals, are less likely to have malicious insiders, and will also be more likely to spot insiders, malicious or otherwise.

So, that’s the end of our third blog.  Next week we will be giving an overview of some of the most common attacks.

[1] CESG, ‘Common Cyber Attacks: reducing the Impact.’

[2] City AM, ‘Access Denied: The fight against cyber criminals.’ – https://www.cityam.com/281657/access-denied-fight-against-cyber-criminals

[3] ‘The case for enhanced protection of trade secrets in the Trans-Pacific Partnership agreement,’ US Chamber of Commerce: