What motivates the cyber criminal?

Published on 17 April 2018

What motivates a cyber criminal? Given recent events with Wannacry and Petya, it’s a question many in the business world are asking. Even more so when the types of cyber criminals they’re dealing with is not an outsider trying to break down the walls, but one of their own employees using their knowledge of the company to exploit vulnerabilities in networks and systems.

The insider risk to an IT network isn’t new. We’ve covered them on this very blog a few times in pieces about unintentional breaches and protecting against the social engineering tactics that can end up with an otherwise exemplary employee unwittingly sharing a password or access point.

However, there’s a difference between a careless (or plain unlucky) insider and a malicious insider – one who’s quite deliberately using their knowhow and privileged access to undo your business. From our experience, we’ve seen three things that motivate these people: revenge, financial gain and ideology.

1. The Revenge seeking insider

Most revenge-motivated hackers are on the warpath because they’ve recently suffered a lay off or termination. For example, in 2017 The Washington Times ran a story on a systems administrator charged with criminal hacking after being asked to resign on the company’s request. While Donald Trump’s Twitter account was brought down by a Twitter employee having some fun on their last day.

Both stories demonstrate the power of an ex-employee who holds ill will towards their old paymasters. But it’s not just people who’ve gone that can pose a problem. Employees passed over for promotions, or who have a poor performance review, can also go rogue.

2. The Ideological hacker

To quote Michael Caine playing Alfred in The Dark Knight:

Some men aren’t looking for anything logical, like money. They can’t be bought, bullied, reasoned, or negotiated with. Some men just want to watch the world burn.

Many of the major data incidents over the past few years have been driven by an insider. And while some do it for what they perceive to be a social good, such as Edward Snowden, many do it because they simply want the IT networks and structures around a business to fall apart. According to a recent Guardian report, teenagers are more likely to think this way than others.

Ideological internal hackers can be a CISO’s worst nightmare. There’s no real reason for them to enact a cyber attack, but they’re doing so anyway. It’s even possible that your business might be caught in the crossfire of a bigger attack – remember, many of the victims of Wannacry were small, local businesses like stores and hair salons operating with legacy operating systems.

3. The financially motivated hacker

Probably the biggest problem for businesses, above revenge and ideology, is the financially driven internal hacker. These people not only have the means, they also have the biggest motivation to hack data – either selling it back to you, or selling it to others.

While there are many different sets of data that can be hacked by financially driven insiders, the two that should concern businesses most are customer data and IP.

Loss of the former has the potential to severely damage a business’ reputation. There’s no end to the number of online stories about big businesses suffering severe breaches and having to make amends (Yahoo, GitLab, Equifax – take your pick). Add to that the hacker being an employee who’s then selling data back to the business and you’re in big trouble. Especially with the advent of the GDPR next month.

Intellectual property hacks, meanwhile, represent the loss of a business’ most prized asset. It could be source files, drug recipes in pharma, merger plans or financial results. For example, in 2015 an employee of Wilson Sonsini Goodrich and Rosati made almost $300,000 by trading in advance of merger announcements before being caught.

Whatever the data hacked, many businesses might willingly pay to get it back, and hackers know that.

Today’s hack landscape is varied and complex. There’s a lot to think about and a lot to protect against on the outside, before even thinking about inside. But it’s nonetheless essential for businesses to think about potential hackers within their own walls, understanding what motivates them, and having the systems in place that will keep them at bay.

Want to understand more about insider threats? Download our The Rogue Privileged user eGuide now.

by Balabit

Balabit, a One Identity business, is a leading provider of Privileged Access Management (PAM) and Log Management solutions. Founded in 2000, Balabit has a proven track record of helping businesses reduce the risk of data breaches associated with privileged accounts.

share this article
Mitigate against privileged account risks
Get in touch

Recent Resources

The top IT Security trends to watch out for in 2018

With 2017 now done and dusted, it’s time to think ...

The key takeaways from 2017’s biggest breaches

Like many years before it, 2017 has seen a large ...

Why is IT Security winning battles, but losing the war…?

When a child goes near something hot, a parent will ...

“The [Balabit] solution’s strongest points are the privileged session management, recording and search, and applying policy filters to apps and commands typed by administrators on monitored sessions.”

– The Forrester Wave, Privileged Identity Management, Q3 2016, by Andras Cser