When you think about these nefarious bad guys trying to steal your personal information on the Internet, what do you imagine? Perhaps a slight young man with a hood covering his head, sitting alone in a dark basement that you can only see thanks to the light from a computer monitor. It could be that he has bizarrely hypnotic eyes or an impressive beard.
Also, what do you think this “bad guy” is doing? You would probably think of someone who opposes big corporations or corrupt politicians, playing a classic anti-hero role. Or, possibly, someone of the antisocial and envious villain type who is trying to sow chaos and disrupt the order of a world that has rejected him.
Our pop culture perception of cybercrime revolves around clichés like these, and for one reason: they are considered “fun.” But that doesn’t make them real.
When that’s the image of cybercrime you have in mind, it’s easy to feel that you can avoid being a target of cyber criminals simply by keeping a low profile. No one is going to try to hack your personal email and blackmail you if you don’t piss off a vengeful villain, right? And no one is going to infiltrate your company’s network if you’re not polluting the world or taking bribes from authoritarian regimes, are they?
Based on these stereotyped pop culture images, it’s easy to believe that most people have nothing to fear. They’re not interesting enough, big enough, or cruel enough to be a target of interest for a vengeful anti-hero.
However, the reality is that many of the faces of modern cybercrime are not what we see in the movies.
They’re much harder to recognize, precisely because, in many cases, they look a lot more like legitimate business owners than you’d expect. The day-to-day work they do to steal personal information and harm businesses is quite tedious.
After all, what motivates a modern-era hacker?
Personal information as currency
Personal information is an important currency in the illegitimate “business” of these hackers.
When stolen and aggregated, personal information can be sold for a considerable sum, and it’s much easier for criminals to try to access your business’s data than to collect data of their own to sell.
In many cases, it doesn’t even take a lot of effort: many sites in the darkest corners of the Internet sell aggregated collections of email addresses and passwords that have been gleaned from past data breaches. From there, it only takes a little unsophisticated programming to use these aggregated emails and passwords to try to log in to different sites over the Internet.
In that case, it doesn’t matter who you are. You don’t have to be an attractive target, you just have to be a possible target.
These guys aren’t only interested in targeting the biggest and most valuable companies. It’s a matter of quantity: taking a few thousand emails and passwords, seeing how many of them work on high-value services (such as email providers or CRMs), then seeing what kind of data you can get from these accounts to sell. Or how to use these accounts to spread phishing or ransomware emails. It’s a numbers game.
Cash flow, not world domination
Companies are aware of these types of attacks on their websites and have safeguards in place to fight them. Attackers can breach these protections if they wish.
With cybercrime costing the world a little less than a trillion dollars in 2020 alone, it’s clear that these organizations are redoubling their efforts because they know, like you, that there’s a lot of value in the information and tools their businesses use. The best thing you can do is protect yourself and your business with tools like multi-factor authentication.
If you need more proof that these people are entrepreneurs from a bizarre world, just read the statement released by Darkside, the group whose ransomware attack brought down the Colonial Oil Pipeline and sent gas prices skyrocketing in May 2021.
These groups are interested in cash flow, not world domination, and they use things like ransomware to make big companies and organizations pay them.
In these cases, larger organizations are obviously more attractive targets, but ransomware against individuals in phishing scams can also pay off a fair amount.
Start protecting your business
When thinking about hackers in the future, I want to propose something different than someone who looks like Rami Malek or Keanu Reeves.
Many hackers look and behave like legitimate business people, even if they do illegitimate things. Maybe they even work normal hours from nine to five. Maybe they take a vacation with kids and partners. They are also trying to build a business, but that business is built on the theft and exploitation of your company and your customers’ data and trust.
As the keeper of your customer data, you must do everything in your power to keep that data safe.