Anonymous Grabs the Headlines, But it’s the Smaller Hackers You Need to Worry About
It can’t be denied that, even including their name, hackers sound objectively cool. Entertainment and mass media have created a fascinating and dramatized association between the word and the images of a stoic, principled supergenius (or a geeky, awkward supergenius) sitting at the most technological-looking setup imaginable as they break into some major establishment to “stick it to the man.”
This idealization of the “righteous rebel hacker” has spilled over from fiction into reality, allowing groups like Anonymous to become almost admired as they seek out and remedy injustices with their online vigilantism. When their targets have included hate groups like the Ku Klux Klan, ISIS, the Westboro Baptist Church, and child abusers around the world, it is difficult not to romanticize groups such as Anonymous. However, many feel that the group qualifies as an ineffective vigilante group at best, and cyber-terrorists at worst.
While Anonymous has largely dominated the mass media coverage of hacking in recent years, their attacks in no way make up the majority of modern cybercrime. Most hackers today operate for the benefit of organized crime rings or for government-backed hacking initiatives.
Despite the actions of highly publicized groups like Anonymous receiving the vast majority of media coverage for the results of their hacking attacks and their live demonstrations, the latter groups of hackers are the ones that the global community should be more concerned about.
These hackers are the ones who, in 2015, cost the global economy an estimated $575 billion– almost a full percentage point of the gross domestic product of the entire world, and almost the GDP for the country of Argentina that year. The average breach in 2015 would cost a US company approximately $6.5 million. What would happen to the small business that was hit with that, or even an attack with significantly lower capital costs?
With any luck, nothing, as these businesses would be wise enough to proactively prepare themselves to identify and thwart a potential breach. One of the Netherlands’s top banks, ABN AMRO, put together strategies that have effectively protected their systems and have been used to inform many other security systems.
First, ABN AMRO understands the impossibility–whether it’s fiscal, technological, or otherwise–for every company to create the ultimate impenetrable system. Therefore, rather than trying to eliminate all vulnerabilities, ABN AMRO creates a system that is highly usable by the end-users who need to operate it and then instructs those users how to identify and deal with threats that attack those vulnerabilities.
ABN AMRO’s second concept deals with the universal weakest link found in any and every system, application or program: the user, be it an employee or a company client. While it is important to educate every user of the numerous tactics a hacker might deploy–such as phishing attempts, brute force attacks, or social engineering–it is equally, if not more important to prepare for the worst.
It is also important to accept that there is only so much you can do to in terms of protection. Therefore, rather than take money away from your critical applications to protect them, it is best to understand what the vulnerabilities of a system are and prepare defensive secondary measures accordingly.
Finally, ABN AMRO recommends hiring hackers to assist in defending against other hackers. While this may seem counterintuitive, there are a large number of ethical hackers out there who specialize in just this type of process. Ethical hackers will attempt to break into a system, reporting any vulnerabilities to the system administrator for remedies and patches to be devised.
Has your perception of a hacker changed? Let us know in the comments below!