There has been an accelerated growth of cybercrime over the last decade. Costs related to cybersecurity and cyber attacks have also burgeoned, with organizations having to pay more to keep their infrastructure secure. McAfee, a leading cybersecurity company, reported that the cost of cybercrime in 2017 was $600 billion. Individual attacks were estimated to have cost $5 million in the same year with $2.75 million having been lost to downtime and productivity loss. The cost of securing organizations was estimated to be $81 billion in 2016. Since the cost of cybersecurity solutions has also increased, the total cost of securing organizations has also been going up. Therefore, the world economy is losing a lot of money to cybercrime. This money could have been put to more productive use, but it is either ending up in the hands of cybercriminals or being spent on cybersecurity...
You're reading from Cybersecurity: The Beginner's Guide
The category of hackers
To best understand why there are so many cases of cybercrime, and why they will possibly keep on rising, it is important to understand the psychology of the perpetrators. Cybercriminals have the technical know-how to penetrate systems and networks to steal data, money, or compromise the integrity of the systems. The following are the main categories of hackers:
- Black hats: These are malicious hackers that purposefully penetrate systems and networks for financial or self-gain
- White hats: They are vigilante hackers that try and find vulnerabilities that can be used by black hats to attack systems so that mitigation measures can be taken
- Grey hats: They are black hats that have reformed and become security consultants
- Hacktivists: These are groups of hackers that join hands in hacking exercises, often to make a political statement aimed at pushing for social...
The traits of hackers
To understand the psychology that drives hackers to carry out crimes that are almost impossible to pull off, it is important to understand their traits. The traits observed with the majority of them appear similar; however, this should not be a cause of complacency. Organizations must be invested in exploring new use cases and finding out if there are more. The common traits observed in most cybercriminals are listed in the following sections.
They are patient
Hacking is a process, not just a one-off act. Hackers have been known to take their time to first study their targets. They do observations of how the system they are targeting operates, how secure it is, the humans that use it, and the times that...
How hackers think (motivators)
Now that we have acquired an understanding of the traits and social skills of a hacker, let's address the elephant in the room—the psychology of hackers, or more appropriately, how hackers think. The following are some of the thoughts that hackers have and that encourage normal people to turn to the life of cybercrime:
Getting money (monetary gain)
As organizations are becoming increasingly concerned about the cost of a single cybercrime attack, cybercriminals are at the point in their careers where they are making more money than ever. Hacking is evidently profitable, and hacking incidences have shown this. Business Insider claimed in 2015 that hackers, relatively, make $80,000 a...
What can be learned from the psychology of hackers?
From the discussions above, hacking can be better understood by looking at it from a psychological perspective. The traits of hackers, as presented, show that maintaining healthy social lives can help reduce cybercrime. People that lack social lives or like to lead isolated lives could be checked up on to make sure that they do not fall into cybercrime. It has been said that hackers are both patient and determined. These two traits have far-reaching implications for cybersecurity approaches in organizations. Since hackers will not relent easily, and will also take their time to find a vulnerability in the organization, it is prudent for organizations to adopt cyber resilience rather than cyber defense. Unlike cyber defense, cyber resilience ensures that an organization is protected from attackers, and, in the event that an attack...
Summary
The chapter has focused on what drives hackers and has discussed their psychological make-up and thought patterns. In the psychological make-up section, we have looked at the traits which define most hackers. These traits include patience, determination, insensitivity, risk-taking, coercion, carefulness, defiance, lack of social skills, radicalism, and rebellion, among others. Most of these traits help profile attackers and can be used to prepare an organization for hacking incidences. The patience and determination show just how far a hacker is willing to go. Insensitivity rules out appeals for mercy as a countermeasure to hacking events. The risk-taking trait shows that the hackers are not afraid of the law catching up with them, as it hardly ever does. Coercion and carefulness show how meticulous hackers are in their attacks and can get the best of targets, even before...
Further reading
The following are resources that can be used to gain more knowledge on this chapter:
- http://blog.wallix.com/the-psychology-of-the-cyber-criminal
- https://www.ripublication.com/irph/ijict_spl/ijictv4n3spl_06.pdf
- https://blog.avast.com/psychology-of-cybercrime
- https://pdfs.semanticscholar.org/3302/e173939ae434ad30f91d4c60d69f5e4a05e3.pdf
- https://www.donau-uni.ac.at/de/department/gpa/informatik/DanubeUniversityHackersStudy.pdf
- https://www.sans.org/reading-room/whitepapers/incident/paper/36077
Social characteristics of hackers
Having looked at the psychological make-up of hackers, it is good to look at their characteristics. These characteristics help explain what influences their criminal minds to act in the ways they do. The social characteristics are as follows:
Lack of social skills
Hackers tend to be withdrawn and introverted. They will not have much of a social life outside hacking, and this explains why they are inconsequential and ready to take risks. If hackers had a stable family and several dependents, they would be less drawn towards engaging in cybercrime as they would fear being arrested and leaving the dependents without a breadwinner. The lack of social skills also presents another problem, where...