Curious to find out what goes through the mind of a hacker? In this post, we’re revealing their targets, tactics, and motivations while arming you with the knowledge to become cyber-aware and stay one step ahead of cyber threats.
Meet Hailey the Hacker
Before we dive into the world of cyber crime, let me tell you a bit about me and what I do. While my name isn’t really Hailey, I am an attacker for hire and work as a freelancer of sorts (contracts aren’t exactly common practice in my line of work). When I’m not hacking, I create ransomware kits and steal passwords. So, just like a freelance graphic designer will look for jobs on this platform or the other, I’ll do the same, just on the dark web. Before you judge me, understand that this is an extremely lucrative business and I’m simply meeting the growing demand in the market.
The Perfect Storm: Cyber Crime in 2024
Cyber crime isn’t just a scene in your favourite spy movie, it’s a full-blown crisis that threatens even the smallest of businesses. Ranked 4th in the top five global risks over the next two years by the World Economic Forum, cyber attacks have the power to steal identities, cripple businesses and destabilise economies. To make matters worse (for you), cyber security threats have intensified as the world continues to evolve and make various technological advancements.
One thing you need to know about hackers is that we adapt to the times and are constantly looking for new avenues to expand the cyber threat landscape. This entails taking full advantage of significant world events and looking for vulnerabilities in the market. For example, given that approximately 49% of the world’s population is voting this year, Time has deemed 2024 the official election year. This creates a plethora of opportunities in the cyber crime industry.
Yes, many companies have invested in various cyber preparedness strategies, but for the most part, none of these initiatives are as mature or robust as they should be. From insufficient budgets and limited support from management to solely relying on Microsoft 365 security solutions, there are large gaps in many businesses’ defensive measures. It may come as no surprise, but your people are the biggest cyber security gap.
Exposing Modern Work Vulnerabilities
No matter the size of the business, your people are your biggest risk. We cyber criminals prey on the two things that lie outside of cyber security’s control: human risk and collaboration tools.
The Problem with Your People
Of all the cyber security gaps, human risk is by far the biggest. According to Mimecast’s State of Email and Collaboration Security (SOECS) 2024 report, more than two-thirds of their respondents believed that employees are putting their organisations at risk through misusing their email, oversharing company information on social media and browsing the web carelessly. Before you start looking around for who to fire, you should know that a breach in security is not your people’s fault – they just don’t know better and in most cases, I’m able to sneak in undetected.
Human error largely comes down to whether employees are able to recognise and respond to cyber threats, and whether security protocols for remote workers are strictly enforced. So, we heavily rely on your lack of cyber threat awareness and training to unintentionally give us the keys to your precious data.
Remote Work: The Cyber Criminal’s Dream
The rise in hybrid and remote work further expanded the attack surface and significantly increased the prevalence of cyber threats. Given that collaboration lies at the heart of the world of modern work, people, communication, and data are our main points of entry into your business. Now, what’s the first thing you think about when it comes to how an organisation communicates? That’s right, email – which is why it remains the number one attack vector for cyber criminals. This brings me to my bread and butter: phishing.
The Three Horsemen: Phishing, Ransomware, and Spoofing
Most of my gigs have been in what you call ‘the terrible trio’ or ‘the three horsemen’: phishing, ransomware, and spoofing. Let’s break these down a little:
- Phishing: Your emails are the perfect place for me to lure you into revealing sensitive information by pretending to be a trusted entity. If email doesn’t work, I also phish through text messages, social media or other platforms.
- Spoofing: Similar to phishing, this is when I masquerade as a trusted person or source in order to gain access to confidential information or resources. I usually do this by forging email addresses, websites, or even text messages.
- Ransomware: This is the ultimate goal: disseminating a type of malware that restricts access to your computer system or data until a ransom is paid. Ransomware entails encrypting files, locking you and your entire organisation out of your systems, or holding data hostage.
The bottom line is that cyber criminals are after your data because we know that most of you will go to great lengths – like paying us a pretty penny – to get it back. Through the masterful art of coding and deception, we have the power to eat up all your profits, damage your reputation and cause a legal tsunami by sharing personal information. Think catfish but with much more devastating consequences – the worst of which are experienced by small and medium-sized businesses (SMBs).
Why are SMBs Targeted?
You may be wondering why I’d target multiple SMBs instead of larger enterprises, because that’s where the money lies, right? Wrong. SMBs are prime targets because:
- Easier Targets: SMBs are less likely to have strict cyber security tools and protocols in place compared to larger corporations – making them much more vulnerable to cyber attacks. Because SMB IT support tends to be quite limited, it’s easier to work smarter and not harder.
- Valuable Data: Even though SMBs may not turn the biggest profit, their valuable data – such as customer information, financial records and intellectual property – is worth so much more.
- Lower Risk, Higher Reward: The chances of getting caught targeting a smaller business are significantly lower, and the payoff is quite high.
- Stepping Stone: In some cases, I use SMBs as entry points into larger networks, like their clients or suppliers.
- Lack of Awareness: Many SMB owners and employees underestimate the risk of cyber attacks, making them more likely to fall victim to my phishing scams and other hacker antics.
This is why, in my line of business, it makes much more sense to attack hundreds of small businesses – seriously, even one-woman shows – instead of targeting the Fortune 500s that each have dozens of IT professionals (and lawyers) who could easily stop me dead in my tracks.
It’s Time to Get Cyber Prepared
Speaking of which – and I really shouldn’t be telling you this – your SMB should be investing in cyber preparedness. With an emphasis on people, processes and technology, investing in cyber preparedness significantly reduces cyber risk.
Here are a few things that you should be thinking about when looking to protect your people, processes and profits:
Allocate More Resources
Remember when I said that most cyber risk is due to human error and that your people were not at fault? A lack of resources is a big part of the problem. While many business leaders are well aware of the gravity of cyber threats, limited budgets have proven to be quite the challenge – especially for SMBs. As costly as cyber security investment is, the price pales in comparison to the ransom I’d demand from you.
Whatever cyber security support you choose to incorporate into your cyber investment strategy, cyber security training – like phishing simulation tests and awareness training – needs to be at the top of the list. It’s important to remember that cyber security training is an ongoing investment and needs to be prioritised across every facet of your business. For example, Babble has mandatory monthly cyber security training sessions, through their partner Mimecast.
Tip: Test each person’s proficiency in cyber security and then create varying levels of intervention and training based on how much – or little – they know.
Zero Trust for the Win
While Microsoft 365 has robust security measures, cyber threats are evolving at lightning speed so you need more than one security solution to stay ahead. Businesses must adopt a dynamic, Zero Trust approach to thrive in this high-stakes environment. I get it, budgets are tight but trust me, when it comes to cyber threats you want to be as protected as possible.
DMARC: Your Email’s Digital Bodyguard
Another integral part of your cyber security strategy should be Domain-based Message Authentication, Reporting and Conformance (DMARC). Put simply, DMARC is a digital fingerprint for emails. It verifies that an email truly comes from the claimed sender, and not a crafty imposter like me. This powerful tool prevents me and my fellow phishers and fraudsters from spoofing your email domains, further providing the small business technology support you need. However, you should be warned: implementing DMARC can be gruelling and time-consuming – but it’s worth the effort.
In my experience, where today’s cyber preparedness strategies fall short is in how they are implemented. Leadership tends to endorse various security initiatives but fails to allocate the necessary resources to see these strategies through. It’s crucial to treat cyber preparedness as a living thing that constantly needs to be fed and cared for – not a one-time quick fix.
Think Like a Hacker, Protect Like a Pro
So, there you have it – a glimpse into the mind of a cyber criminal. While it might be tempting to view us as faceless, hoodie-wearing villains, the reality is often far more underwhelming. We exploit vulnerabilities, capitalise on human error, and leverage technology to achieve our goals.
But remember, knowledge is power. By understanding our tactics, you can fortify your defences. While IT solutions for businesses come in many shapes and sizes, you should invest in robust security measures and prioritise employee training. Above all else, stay vigilant: cyber preparedness may lower cyber risk, but it does not come close to eliminating it – we’re here to stay. The battle against cyber crime is an ongoing one, but with the right strategies, you can significantly lower your risk and gain peace of mind.