Hacker Journey – How Does a Cybercriminal Think?

Many organizations work with their own red team. A red team tries to think like a criminal and gain unauthorized access to the organization. The goal of a red team is to expose weaknesses. To do so, it uses the same resources as criminals, and a good red team can essentially get in anywhere (which means real cybercriminals can too!).

But how does a criminal actually think?

Actually, it’s quite simple: most cybercriminals just want to break in and take money, and they try everything to achieve that. Sometimes it’s easier than we think. We might be busy keeping software up-to-date and patching vulnerabilities, but less strict about passwords. And that’s the first thing a criminal tries: searching for passwords. Because if they find a valid password, they can enter your systems as a legitimate user and stay under the radar.

But where should your security ambitions lie? That mainly depends on the type of criminal you’re dealing with:

  • Hacktivism: These are activist groups or rebels, often associated with physical actions that are highly visible to the general public, like blocking highways. But these groups are also moving into the digital world and seeking new ways to make their point. We’ve already seen certain organizations taken down by so-called DDoS (Distributed Denial of Service) attacks. Such an attack overloads a company’s website so severely that it becomes inaccessible.

  • Organized crime: This is the most common and largest threat category for most companies; here the financial gain to be made is paramount. These criminal parties are full-fledged and mature organizations with, for example, HR or recruitment departments and a helpdesk. For instance, the hacker group that calls itself ‘Conti’ has amassed a fortune of €20 billion in stolen bitcoins in just a few years. For them, it doesn’t matter whether you’re a large or small organization or what you do, as long as there’s money to be made.

  • Insider threat: The insider threat looks for a vulnerable employee who might be financially strapped and willing to temporarily sell their company account. Criminals thus find a creative way to gain digital access to a company. We see that an internal employee can sometimes be the source of a cyberattack. Selling access for just a few days yields a lot of money for the insider: for example, selling a password, or installing a tool on a PC on the criminal’s behalf that gives them access to the company network. This might seem far-fetched when you think of your own employees, but it’s becoming increasingly common.

  • Espionage: A threat category where the criminal is primarily looking for confidential data. Think of R&D data or information that provides insight into the economy. The theft of confidential data happens unnoticed and often by other countries (state actors).

  • Terrorism and sabotage: This form is often more focused on public organizations where disruption of society can be achieved. It may be in the interest of a state actor to create social unrest, causing the country to focus on the internal crisis and less on external conflicts.

Espionage, terrorism, or sabotage may not seem applicable to your company, but think about the entire chain in which you operate. A company like ASML has an enormous amount of intellectual property that foreign nations are willing to invest a lot of time and energy to access. So even if your company might not seem interesting for these types of threat motives, if you’re in that chain, you are.

Which type of criminal are you most vulnerable to?
