Why spend money on security prevention?

Hacker attacks occur for many reasons:

#1 The most common reason for an attack is to make money from it

8/19 Hackers hack Medical company – 4.5 million data sets stolen

8/5 Synology devices get ransomware

8/2 Jimmy John’s credit card breach investigation

7/15 NASDAQ was owned (compromised) from 2005 to 2012 – Ars Technica story

#2 The second reason to attack your systems and network is to use your computers to attack other computers (to make money or for political ends)

7/28 Elasticsearch vulnerability could be used to launch DDoS attacks

3/15 WordPress vulnerability can be used to attack other sites

#3 The next reason to hack computer networks: just because the hacker can.

The hacker may simply want to test their computer skills.

Can a business afford to take a chance?

Bruce Schneier talks about this frequently in his speeches and on his blog.

The YouTube video linked here is a good review of the issues around incident response.

The most interesting item to me is the discussion of the psychology of security near the end of the video:

Humans are naturally risk-averse when it comes to gains and risk-seeking when it comes to losses.

This means that most people will not pay for a vulnerability scan or other security costs; the initial inclination is to take the risk.

Also, when a potential gain involves risk, we will not take the riskier route.

Here is the relevant passage from Bruce Schneier’s blog:

Prospect Theory

“Here’s an experiment that illustrates a particular pair of heuristics. Subjects were divided into two groups. One group was given the choice of these two alternatives:

  • Alternative A: A sure gain of $500.
  • Alternative B: A 50% chance of gaining $1,000.

The other group was given the choice of:

  • Alternative C: A sure loss of $500.
  • Alternative D: A 50% chance of losing $1,000.

These two trade-offs aren’t the same, but they’re very similar. And traditional economics predicts that the difference doesn’t make a difference.”