When you think of nefarious bad guys trying to steal your personal information across the internet, what do you see? Maybe a scrawny kid in a hoodie, sitting alone in a dark basement with only the light of a computer monitor to see by? Maybe they have strangely hypnotic eyes or an impressive beard?
Furthermore, what do you picture this “bad guy” doing? You’d likely imagine someone going up against big corporations or corrupt politicians, filling a classic anti-hero role. Or, possibly someone who is the jealous, anti-social villain type trying to sow chaos and disrupt the order of a world that ostracized them.
Our pop culture perception of cybercrime revolves around tropes like these — and for one reason: they’re considered “entertaining.” But that doesn’t make them true.
When that’s the image of cybercrime you have in your head, it’s easy to assume you can avoid being a target of cybercriminals by keeping a low profile. Nobody is ever going to try to hack into your personal email and blackmail you if you didn’t upset any vengeful villain today, right? Or, they’re not going to infiltrate your company’s network if you’re not polluting around the globe or accepting bribes from authoritarian regimes, right?
Based on pop culture tropes, it’s easy to believe that most people probably have nothing to worry about. They’re not interesting enough, big enough, or callous enough to make an interesting target for a vengeful anti-hero.
The reality, however, is that many of the faces of modern cybercrime don’t look like what we see in movies.
They’re much harder to spot, precisely because in many cases, they look a lot more like legitimate businesses than you might expect. The work they might do day-to-day to steal personal information and disrupt businesses is pretty boring.
So, what motivates a modern-day hacker anyway?
Personal Information as Currency
Personal information is a major currency of these illegitimate hacker “businesses.”
When stolen and aggregated, personal information can be sold for a tidy profit, and it’s a lot easier for these groups to break into your business’s data than to gather their own to sell.
In many cases, it doesn’t even require much effort: many sites in less savory corners of the internet will sell aggregated collections of email addresses and passwords that have been gathered from past data breaches. From there, all it takes is a bit of unsophisticated scripting to use these aggregated emails and passwords to try to log into different websites across the internet.
In this case it doesn’t matter who you are. You don’t have to be an attractive target, you just have to be a possible one.
These folks aren’t looking to only hit the biggest, most valuable businesses. It’s a case of quantity over quality: take a few thousand emails and passwords, see how many of them work against high-value services (like email providers or CRMs), and then see what kind of data you can pull out of those accounts to sell. Or, how you can use those accounts to disseminate phishing emails or ransomware. It’s a numbers game.
Cashflow, Not World Domination
Now, websites are aware of these kinds of attacks and have protections in place to combat them. Attackers can push back on those protections if they’re invested enough.
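One such protection, sketched as an added example that is not part of the original article: a login-log check that flags a source trying many different accounts and mostly failing, the pattern that reused breach lists produce. The event format, thresholds, addresses and account names are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, login_succeeded)
SAMPLE_EVENTS = (
    # One source walking through a list of accounts; one reused password works
    [("203.0.113.7", f"user{i}@example.com", False) for i in range(7)]
    + [("203.0.113.7", "dana@example.com", True)]
    # One person mistyping their own password, then getting it right
    + [("198.51.100.20", "sam@example.com", False)] * 3
    + [("198.51.100.20", "sam@example.com", True)]
    # An office behind one address: many accounts, but the logins succeed
    + [("192.0.2.55", f"staff{i}@example.com", True) for i in range(6)]
)


def flag_credential_stuffing(events, min_accounts=5, min_failure_rate=0.8):
    """Flag sources that attempt many distinct accounts and mostly fail.

    Returns {ip: stats}. 'accounts_to_reset' lists accounts the flagged
    source actually got into; those need a password reset and MFA.
    """
    per_ip = defaultdict(
        lambda: {"accounts": set(), "hits": set(), "attempts": 0, "failures": 0}
    )
    for ip, user, ok in events:
        stats = per_ip[ip]
        user = user.lower()
        stats["accounts"].add(user)
        stats["attempts"] += 1
        if ok:
            stats["hits"].add(user)
        else:
            stats["failures"] += 1

    flagged = {}
    for ip, stats in per_ip.items():
        failure_rate = stats["failures"] / stats["attempts"]
        # Both conditions are needed: a typo-prone user fails often but on one
        # account; a shared office address has many accounts but few failures.
        if len(stats["accounts"]) >= min_accounts and failure_rate >= min_failure_rate:
            flagged[ip] = {
                "distinct_accounts": len(stats["accounts"]),
                "failure_rate": failure_rate,
                "accounts_to_reset": sorted(stats["hits"]),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in flag_credential_stuffing(SAMPLE_EVENTS).items():
        print(ip, info)
```

The one successful login from the flagged source is the account that matters most: the password alone was enough to get in, which is the gap multi-factor authentication closes.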
Since cybercrime cost the world just under a trillion dollars in 2020 alone, it’s clear that these organizations are stepping up their game because they know, just like you do, that there’s a ton of value in the information and tools that your business uses. The best thing you can do is protect yourself and your business with tools like multi-factor authentication.
If you need more evidence that these folks are some kind of bizarro-world business, look no further than the statement released by Darkside, the group whose ransomware attack brought down the Colonial Oil Pipeline and caused gas prices to spike in May of 2021.
“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives.
Our goal is to make money and not creating problems for society.”
These groups are interested in cash flow, not world domination — and they use things like ransomware to get large companies and organizations to pay up.
In these cases, larger organizations are obviously more attractive targets, but ransomware against individuals via phishing schemes can also net a sizable payout.
Start Protecting Your Business
When you think of hackers in the future, I’d like to propose a different framework than someone who looks like Rami Malek or Keanu Reeves.
A lot of hackers look and behave like legitimate businesses, even if they do illegitimate things. Maybe they work a regular nine to five schedule. Maybe they take vacations with their kids and partners. They’re trying to build a business too — but their business is built on theft and exploitation of your business, and the data and trust of your customers.
As stewards of your customers’ data, you have to do everything in your power to help keep their data safe. Here are a few resources to help you get started:
HubSpot Academy Content and Webinars:
You’ve done a great job of building relationships, communities, and image around your business. You can do a great job of keeping all that secure, too — and be a steward your customers can trust.