To prevent security and data breaches that can inflict millions of dollars in damages on a company, business owners must understand how the mind of a cybercriminal works. To date, Philippine enterprises with vulnerable IT systems stand to lose hundreds of thousands, even millions, if their information is hacked and stolen. According to Secuna, the Philippines’ largest cybersecurity testing platform, these risks can be mitigated by doing deep dives into how these digital terrorists think, plan, and operate.
After securing that knowledge, companies would be in a stronger position to detect and identify security flaws, fix their systems, and come up with countermeasures that will prevent digital invasion.
Motivations and methods
Allan Jay Dumanhug, Infosec Head of Secuna, names the first step in this learning: “To a cybercriminal, every computer system is like a pot of gold. In our high-tech age, data is the new gold. He or she sees in every computer, database, and IT infrastructure treasure houses that hold valuable information that can be stolen, exploited, used, and sold.”
Because of this mindset, all companies, regardless of industry or scale, are attractive to these data thieves. “Entrepreneurs should not make the mistake of thinking that cybercriminals will ignore them because they are small or starting up. Every company owns valuable data, even if the owners themselves don’t see it that way. No company is safe.”
Many motivations also spur cybercriminals into launching their attacks. A lot of them do it for greed, targeting financial institutions and selling their sensitive information on the dark web. Some do it for revenge, defacing a website in retaliation for real or perceived wrongdoings while promoting messages about their beliefs. Others are lured by the thrill of breaking into a supposedly secure system and doing what no other IT pro can.
Regardless of motivations, however, cybercriminals share a modus operandi that business owners should watch out for. Mr. Dumanhug elaborates, “They patiently observe a company’s IT system, waiting for a vulnerability, like misconfigurations or insufficient cyber defenses, to show itself. The criminal will then exploit that weakness to create an entrance into the system. Once they are in, they copy all the sensitive information such as employee financial records, clients’ email addresses, bank information, credit card numbers, and passwords.”
Cybercriminals are also not satisfied with attacking a company just once. Mr. Dumanhug cautions, “After getting all that data, they will often install a backdoor in the company system to maintain access so they can enter again easily or perform some lateral movements and pivoting to discover connected services and compromise them.”
Fatal cybercriminal misconceptions
Secuna research enumerates long-standing fatal misconceptions about cybercriminals that the public must discard to gain security:
Misconception #1: Cybercriminals typically do ransomware.
In ransomware, cybercriminals announce their actions and demand payment to restore the company systems to normal. Very little can be done to retrieve the company’s data once it has been sold or leaked publicly by the cybercriminals. As dangerous as ransomware is, it is not the only attack that cybercriminals carry out. Others include email and internet fraud, financial theft, cryptojacking, and cyber-espionage.
Misconception #2: Breaches can be discovered in just days or weeks.
A company that takes days to discover the breach and its resultant damages stands to lose $4.24 million per incident on average. However, the actual average damage that a company suffers from a breach is much higher. According to the IBM Cost of a Data Breach Report 2020, the average time to identify a breach in 2020 was 228 days, roughly seven months. Because customer trust and reputation are also severely hit, not many enterprises recover, and start-ups have a tougher time.
Misconception #3: Cybercriminals usually work alone.
While individual identity thieves do exist, organized cybercrime groups are a very present and major threat to companies and governments around the world.
Misconception #4: A company is only attacked once and just by a single attacker.
When a company is breached, cybercriminals usually sell the “schematics” of the breach on the black market to their colleagues, who can then use them to attack the victim at a later date. With the discovery rate very low, companies may have been breached several times by several individuals and groups without their knowledge.
Strong cyberdefenses
Given these cybercriminals’ considerable skills and the support from their own network, their attacks can be countered by an equally knowledgeable and skilled community—but this time, one that is on the side of the digital angels. Secuna has nurtured and vetted trusted international cybersecurity professionals called White Hat Hackers (WHH) to identify potential security flaws. These ethical hackers can prevent what the cybercriminals do because they know how their opponents think and attack.
First, these WHHs launch their own probes to discover vulnerabilities in a system. They run tests, similar to what cybercriminals are doing, to assess whether and how well the company’s systems can stand against them. By analyzing the nature of the attack, the company’s weakness, and the potential damage, the ethical hackers can identify vulnerabilities and equip the company with enough information to build strong cyberdefenses that can repel future cybercriminal attempts.
“Having a large network of WHHs is a huge advantage,” maintains Mr. Dumanhug. “As hackers, they are also privy to the ways, mindsets, and methods of cybercriminals, enabling them to stay one step ahead. WHHs are not only trained to spot vulnerabilities–they’re also there to prevent further online crimes. Their understanding of the breakdown of a data breach, where the common vulnerabilities are, and finally how to potentially resolve these before they become a problem—all these help reduce a company’s risk of being breached.”
As more companies continue to store their confidential and sensitive information online, cybercriminals will continue to develop their tools and techniques to plunder data for harmful purposes. But knowing how they think and operate, and receiving support from a group of WHHs, can keep companies out of their striking distance.