Do you know how to spot a hacker in a crowd? Do you know how they operate? Speaking at the PARIMA Cyber workshop, Horangi's head of incident response and threat intelligence, Angus Thorn, told delegates all is not what it seems.

Hackers don’t look like we expect. What we see in the movies is what people assume they look like, but it isn’t the case at all and this perception is putting firms at risk.

According to Horangi's head of incident response and threat intelligence, Angus Thorn, only 9% of hackers perform hacks for monetary gain, while the vast majority (66%) perform hacks for entertainment or curiosity.

“They only have to be right once. Risk managers need to be right all of the time when it comes to cybersecurity,” said Thorn.

But how do hackers do it? Thorn said they need three things:

  1. Means – Does the hacker have the tools? (Everything is available on the internet)
  2. Motive – Does the hacker want to attack you? (Financial, political, personal gain)
  3. Opportunity – Have you left the door open for hackers? (Poor connection security, open ports)

“Social engineering is one of the biggest issues businesses face in terms of cybersecurity. It is hard to detect and hard to stop,” he said.

Thorn said cloning websites is incredibly easy to do and a very effective method for hackers because people don’t tend to look at the web address to check; they see logos and other identifying factors and trust the content. He said it takes a hacker, on average, 15 hours to breach a system, but it takes firms up to 250 hours to detect.

Hackers tend to use the hacked information in one of four ways: it is sold online (dark web), leaked to the web, used against the firm, or used against individual employees.

Thorn added the industries most at risk include healthcare, retail, hospitality, financial services, and manufacturing.

Prevention is an older way of thinking. “Installing a firewall was the way to protect you but times have changed. While prevention is still important, we are more interested in detection and response now,” he said.

Endpoint security, such as antivirus software on laptops, is the most effective hardware available, but Thorn said 22% of hackers said nothing would stop them from a hacking mission once they had started.

Response to an attack needs to be as swift as possible in order to minimise the after-effects of an attack, said Thorn. “Ask yourself what is most important to your organisation. Sometimes the loss of money is the most important but for other firms, the intellectual property is more important.”

According to Thorn, the top non-traditional countermeasures for risk managers to use in their businesses include employee education, bug bounty programs (where the public can test your website and win a cash reward if a weakness is found), penetration testing, and vulnerability assessments.