In the wake of the TalkTalk hack we heard all kinds of speculation about the motives of these attackers, the methods they might have used and their ultimate goals. There were experts who blamed international terrorists or eastern European crime syndicates. Then the arrests came: police took two 16-year-olds, a 15-year-old and a 20-year-old in for questioning.
This week, cyberpsychologist Mary Aiken challenged authorities to better understand the motivation of hackers and find ways to direct their skills.
“We know a lot about criminology. We know a kid in a particular neighborhood with a particular group of friends might get sucked into juvenile delinquency. We don't know anything about cyber juvenile delinquency,” she said.
The IT security industry has to answer for itself here too. There is a tendency to “demonise the enemy” when it comes to how we define those who try to break into networks and steal data. This is an age-old propaganda tool. If we present our adversary as less than human, or as super-human and motivated by evil, it makes us feel united against a foe that must be stopped. But is this focus on attackers just a way to excuse the fact that IT teams are failing to deal with vulnerabilities closer to home? After all, the more skilled and motivated the attacker seems, the more your network and data appear to be at its mercy. The reality is, of course, not quite so straightforward.
For example, recent research has shown that over a third of ex-employees still have access to corporate networks. Surely statistics like that highlight that maintaining healthy IT systems and infrastructure is just as important as protecting against these external threats? Staying on top of privileged accounts or server access definitely is not as glamorous as thwarting villainous cyber threats, but it is the first and simplest step to securing your organization's data. This is particularly true if you’re required to meet a compliance standard like PCI, where “tracking and monitoring” access forms an integral part.
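The kind of check that catches the ex-employee problem described above is a plain reconciliation of the directory against the HR leavers list, plus a look at which privileged accounts are actually being used. The script below is an added example, not code from the article or any product it mentions; the account records, the leavers list, the group names and the audit date are all constructed for illustration, and the 90-day "stale" threshold is an assumed policy value.

```python
from datetime import date

# Constructed sample data (not from the article): a directory export with one
# record per account, and an HR list of leavers keyed by username with their
# departure date. A real run would pull these from the directory and HR system.
ACCOUNTS = [
    {"user": "alice",      "enabled": True,  "groups": {"domain-admins"}, "last_login": date(2015, 10, 28)},
    {"user": "bob",        "enabled": True,  "groups": {"staff"},         "last_login": date(2015, 10, 20)},
    {"user": "carol",      "enabled": False, "groups": {"staff"},         "last_login": date(2015, 6, 1)},
    {"user": "dave",       "enabled": True,  "groups": {"sql-admins"},    "last_login": date(2015, 5, 14)},
    {"user": "svc_backup", "enabled": True,  "groups": {"domain-admins"}, "last_login": None},
]
LEAVERS = {"bob": date(2015, 9, 15), "carol": date(2015, 6, 10)}
PRIVILEGED_GROUPS = {"domain-admins", "sql-admins"}   # assumed names of the privileged groups
AS_OF = date(2015, 11, 5)                             # assumed date the audit is run


def audit_accounts(accounts, leavers, privileged_groups, as_of, stale_days=90):
    """Return a list of (user, issue) findings.

    Issues raised:
      leaver_still_enabled             account belongs to a leaver but has not been disabled
      leaver_logged_in_after_departure a leaver's account was used after their leaving date
      privileged_never_logged_in       enabled privileged account with no recorded login
      privileged_stale                 enabled privileged account unused for more than stale_days
    """
    findings = []
    for acct in accounts:
        user, last = acct["user"], acct["last_login"]
        if user in leavers:
            if acct["enabled"]:
                findings.append((user, "leaver_still_enabled"))
            if last is not None and last > leavers[user]:
                findings.append((user, "leaver_logged_in_after_departure"))
        if acct["groups"] & privileged_groups and acct["enabled"]:
            if last is None:
                findings.append((user, "privileged_never_logged_in"))
            elif (as_of - last).days > stale_days:
                findings.append((user, "privileged_stale"))
    return findings


def leaver_access_ratio(accounts, leavers):
    """Fraction of leavers whose account is still enabled: the same figure the
    research quoted in the article reports for ex-employees."""
    by_user = {a["user"]: a for a in accounts}
    still_enabled = [u for u in leavers if u in by_user and by_user[u]["enabled"]]
    return len(still_enabled) / len(leavers) if leavers else 0.0


if __name__ == "__main__":
    for user, issue in audit_accounts(ACCOUNTS, LEAVERS, PRIVILEGED_GROUPS, AS_OF):
        print(f"{user:12s} {issue}")
    print(f"leavers with live accounts: {leaver_access_ratio(ACCOUNTS, LEAVERS):.0%}")
```

On the sample data this flags bob's account twice (still enabled, and used after his leaving date), dave's admin account as unused for months, and the backup service account as a privileged account that has never logged in at all; carol is clean because her account was disabled. Running a reconciliation like this on a schedule, and keeping its output, is also most of what a PCI "track and monitor access" requirement asks for in practice.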