Cyber-attacks can leave companies wondering “how could this happen to us?” so, when these situations arise, it can help to know what might be motivating these attackers.
What motivates a cybercriminal?
Often, we can use an acronym called M.I.C.E to do a quick analysis.
M – Money
I – Ideology
C – Compromise
E – Ego
Money
Money as a motivation may be the most frequent but also easiest to deal with of the four. Someone motivated by money will likely cast a wide net and look for easy targets. If this is the primary reason why someone might be after your company’s data, simple preventative measures could be used to deter these attacks from happening.
One of the most common ways that cybercriminals earn money is by selling data on the black market. A lot of companies are not aware that they have been compromised and their data has been stolen until it’s too late. This can lead to a ransom situation where hackers demand money from the company in exchange for not releasing their data onto the internet or for unlocking their systems.
Ideology
Ideology is a motivation that makes the threat a little trickier. These individuals are targeting companies due to a difference in values. While there may be other groups they want to target also, they tend to be more persistent. The goal of this type of threat is often to shame or embarrass.
Also, ideology as a motivator could mean your group is the target of nation states. Why does this matter? Because nation states are well funded and super determined. This type of motivation calls for vigilance and for you to understand the exact data they maybe after and going above and beyond to protect it.
According to a recent study by Trellix and the Center for Strategic and International Studies (CSIS), 86% of organizations believe they have been targeted by a nation-state threat actor. While many state-sponsored threat actors engage in spear phishing, ransomware is the preferred weapon of these cybercriminals.
Compromise
Compromise usually refers to insider threats. Is it possible that employees would turn on the firm because of differences in opinions or processes?
Take the case of a research and development firm. Intellectual property is their product. However, even though the employees work for you they may feel the company’s property belongs to them, not the business, and may feel justified in theft. In this case, you want to put your cybersecurity dollars into watching your own.
The increasing usage of “bring your own device” (BYOD) in hybrid work environments has changed the technology landscape for organizations. While some of this risk can be unintentional, it is wise for businesses to use a framework of common factors and patterns typically seen to help enable proactive threat detection to identify potentially malicious intent.
Ego
Another area where we may want to consider this motivation is the human factor. Companies with high turnover or a particularly contentious separation may find ex-employees have an axe to grind over dismissal. These types of threat actors will be attempting to cause the most embarrassment and/or pain to prove the company cannot function without them. If this is a potential threat vector for the organization, dual controls need to be put in place.
A survey conducted by security firm OneLogin found that only about half of IT decision makers were “very confident” that former employees were no longer able to access corporate applications. Additionally, 20% said they had experienced data breaches by former employees.
Looking at the motivations of hackers and cybercriminals is just one possible way to look at how we can dictate our cybersecurity priorities. By looking at the most likely perpetrators, we can ask who would be motivated to come after the company, what are the tactics, techniques and procedures and priorities, and what defenses are needed.