Building up a picture of a hacker’s identity, motivations, skillset, and socio-economic background can be crucial for informing defensive cyber security strategies. So what sort of characteristics are most revealing, and how can such information be used defensively?
Finding the motivation
Understanding a hacker’s motivation is key for predicting how they are likely to operate – for example, what information, assets or infrastructure are they looking to target, and to what end? Once businesses know this, they can build more successful defensive strategies.
This is why cyber events need to be viewed as a narrative: a story with a beginning, middle and end. If businesses can create characters and personas inside these stories that are well defined with their own attributes, they can then start to determine what their goals may be.
>See also: Inside the mind of a state-sponsored hacker
Today, hacking is not all dark rooms and lone wolves however. Instead, it can be governments operating with significant manpower and resources to accomplish a wide range of goals, in a coordinated manner.
Knowledge of cyber criminals, therefore, has evolved past the point of viewing them as individual players, but instead playing a part in a larger, multi-national organisation. They can be engaged on a short to medium project (persistent DDOS co-ordination for example) or an individual project developing malware, for example. Think of them as consultants working for a large multinational organisation – they may even have a career path and all the trimmings that go with that.
Tracking the hacker
While some hackers go to some lengths to protect their identities, others are more careless. In certain circumstances, it is relatively easy to trace an individual. For instance, so-called ‘script kiddies’ are easier to find as they tend to use pre-existing scripts or codes rather than writing their own.
Alternatively they might boast something on social media, or perhaps try to sell something on the dark web that can be traced to them.
Moving towards increasingly more skilled attackers – from the opportunist smash and grab, to the calculating, well-resourced and determined ‘cat burglar,’ it becomes less feasible to know with absolute certainty who the individual hacker or teams of hackers are.
At this point, utilisation of next generation cognitive solutions is the game changer, helping to rebalance the scales towards the defender.
Advanced tools can now perform complex analytics that will help to build up a greater picture of an organisation’s network activity and cyber defence than they have ever had before.
From black to white hat
There is huge variation in types of hacker, with different ‘hats’ from black to white or grey, with the colour indicating their level of criminality or ethics. Hollywood movies like to pitch the storyline that black hat hackers are the best of the best. It’s an overly romantic idea that is not what is necessarily seen in real life.
There are much easier and better ways to get a career in cyber security than dabbling in the ‘black arts.’ In fact, currently there is a global shortage of good cyber security professionals. So if you want a professional career in cyber security, it is possible – but education is the best stepping stone, not illegal hacking.
That’s not to say that reformed black hat hackers can’t later build a legitimate career. Look at Kevin Mitnick for example – previously one of the FBI’s Most Wanted, now a trusted security consultant to the Fortune 500.
The insider threat
Of course, businesses also face a significant threat from the inside. Insider threats are currently responsible for 60% of attacks facing businesses, but roughly a quarter of these attacks are the result of users’ credentials falling into the wrong hands via phishing attacks or other techniques.
Those that are deliberate hackers will find it increasingly difficult as organisations seek to implement user behaviour analytics, which can detect and prevent insider threats.
For example, this type of technology can alert analysts to a user logging into a server for the first time, from a new location and while using a privileged account, indicating a deviation from their normal behaviour.
So, the best advice to a would-be insider threat actor is – think twice. The so called ‘easy money’ may end up being more expensive than they think.
Know your enemy
So-called ‘threat intelligence-led’ cyber security practices are the future. Businesses are now starting to move past applications that just gather, warehouse and manage data. They are pushing into a cognitive era where the tools we use have become smart enough to make recommendations on the correct courses of action or response for any event.
This approach enables a much faster and more effective response to potentially damaging security threats and breaches. As ever, knowledge is power and the more known about our attackers the better.
Sourced by Jason Flood, CTO of security gamification and modelling, IBM
Nominations are now open for the Tech Leaders Awards 2017, the UK’s flagship celebration of the business, IT and digital leaders driving disruptive innovation and demonstrating value from the application of technology in businesses and organisations. Nominating is free and simply: just click here to enter. Good luck!