Once upon a time, not so long ago, companies employed antivirus software and firewalls, and they considered themselves protected from cybercriminals. It was a simple time, full of blissful ignorance.
And then, all hell broke loose.
2017 was one of the worst years on record for cybersecurity. Businesses experienced some of the biggest, most destructive, and most sophisticated attacks in the history of the digital age. But while each data breach cost US enterprises an average of $1.3 million, they taught an expensive lesson IT pros everywhere need to learn: The usual measures relied on for preventing hackers aren’t enough.
How can you stay a step ahead of criminals and protect your organization against cybercrime? Before you can answer that with confidence, you need to know your enemy. During a recent ISSA International webinar, “2017 Year in Review and Predictions for 2018,” Shivaun Albright, HP’s Chief Technologist for Printing Security Solutions, shared how to do just that. By using Stuart Coulson’s Seven Levels of Hacking, she explained who these bad actors are and what to look out for.
“If you really understood the motives of hackers,” Shivaun said, “Then you and your clients would be more proactive in protecting themselves.”
Know the 7 levels of hacking
- Script kiddies: A script kiddie is an amateur hacker who leverages existing scripts to hack for fun, for the thrill, and for recognition. Generally, this type of hacker employs rudimentary programming skills and often doesn’t cause too much damage—but they can still cause plenty of frustration.
- The hacking group: Think of a hacking group as a team of script kiddies. What they lack in sophistication, they make up for in numbers. A hacking group is capable of causing more serious damage and disruption.
- Hacktivists: Unlike cybercriminals who hack for thrill or money, hacktivists act with a moral, social, or political motivation. Anonymous is one example of a high-profile hacktivist organization.
- Black-hat professionals: Black-hat pros are highly sophisticated hackers seeking to penetrate more challenging “big fish” targets, such as government bodies and large businesses. Often, these hackers aren’t looking to cause destruction but to develop new methods and means of cyber attacks or steal valuable data.
- Organized criminal gangs: Organized criminal hacker gangs are highly strategic groups typically led by a professional, seasoned criminal—like if Al Capone was alive today and had expert programming skills. These hackers strive to fly under the radar of law enforcement and are typically seeking monetary gain.
- Nation states: Massive computing power and practically unlimited funds are what make nation-state hackers the most dangerous. Targets often include the military, critical public infrastructure, and major industries, like utilities or financial sectors.
- The automated tool: The final and most dangerous of the seven levels of hacking isn’t a person but a piece of software. This worm or virus-like tool can cause unprecedented amounts of damage in a short time frame and can be leveraged by any of the previous six types of hackers.
Preventing hackers at every level
Every hacker, no matter how skilled, starts by finding the weakest entry point. In some cases, this could be an unsuspecting employee or a vulnerable endpoint. There are two primary ways you can keep their organizations from falling prey to the majority of hackers out there:
Educate all employees on these threats and their responsibilities in preventing hackers—such as keeping passwords updated and identifying and reporting any suspicious communications.
Secure all endpoints—even often overlooked ones, like printers.
2017 was chock-full of cybercrime, and 2018 hasn’t been much better. You can only assume hackers will become more adept and their tools more powerful. By making an effort to understand the threats your organization faces and securing every endpoint, you can reduce your risk of being a victim in the next major breach.