Cyber threat actors, be it state-sponsored, organised hacker groups, hacktivists or lone wolf individuals pose a threat to organisations worldwide. Understanding the mind of cybercriminals is essential so that your organisation knows how to deal with them should you face any threats.
Most of the business community understand that they are at risk from a potential cyberattack. But what they are not always sure of is the motivation and thought process of the perpetrators; understanding this can help shape your defence. By understanding the mind behind the cybercrime and also learning the personality traits of cybercriminals, businesses would be able to be more vigilant and also be aware potential threats, both internal and external.
According to a study by the Cambridge Centre for Risk Studies, “certain cybercriminal groups share significant strategic overlap in motivations and aims with their native state government, sometimes resulting in clandestine collaboration or tacit sanction of damaging cybercriminal activity.”
For lone wolf attackers, they “adopt the entire burden of attack research and development. The individual cannot depend on others for different elements of an attack or campaign or rely on the external funding necessary to carry off an attack of great sophistication. Furthermore, lone wolves have the potential to function either individually, or as an ancillary, to every threat type, including cyber terrorists.”
Looking at the psychology of hacktivists groups like Anonymous, you will see that they are not interested in disrupting critical infrastructure. However, hacktivists are known to exploit and embarrass companies with poor security. Malaysian organisations have been victims of hacktivists and lone-wolf attacks many times. The most recent being the website of major university which had its webpage defaced. Again, these attacks happened due to emotions being felt by the attackers.
The same thing can happen to businesses as well — all it needs is for an unhappy client, customer or your employee to exploit your organisation. Attackers from within your organisation can be a bigger threat as they would know your weakness.
In light of this, CyberSecurity Asean is organising a discussion with peers and counterparts to discuss strategies to get “in the heads” of Cyber Attackers and better protect the organisation’s data protection. A group of High-level Security Peers will explore how a cybercriminal thinks and plans their attack, and why having this insight is crucial to protecting business and meeting data privacy compliance.
CyberSecurityAsean.com Group Publisher Andrew Martin will share what other countries around the world are doing in this area together with Cyber Security Malaysia’s winning team from the Asean Capture the Flag Competition who will describe how they get in the head of an attacker. IBM’s Glen McFarlane and Sunil Prabhakaran will explain why guidelines such as Personal Data Protection (PDP) are compelling organisations in all industries to carefully review their cyber security and privacy programs to protect Enterprise Data which includes Personal Information of Individuals (PII), Intellectual Property, Strategic Information etc.
To summarize, your enterprise data represents your intellectual capital, competitive differentiator and the lifeblood of your organization. IBM believes that Organization’s data security and protection program should empower their security teams to automatically analyze what is happening across the data environment - both structured and unstructured data.