Every villain wants something: Ganon wants power, GLaDOS wants revenge, and Bowser wants to steal the princess. Cybercriminals also have wants, and while some of them may have an eye on world domination, the majority of cybervillain motivations fall into three categories: they want your credentials, your important business information, and above all, they want your money.
Knowing a cybercriminal’s motivations is important in stopping them from succeeding. By understanding what a cybervillain wants, you’ll be able to better predict his actions and stop him before it’s too late.
Here are three main motivations of cybervillains and how you can heroically fight against them:
1. Stealing Your Credentials
The best way to hijack an organization is by making it look like nothing’s happened at all; that way, no one can identify and stop the threat before it escalates. Thus, an easy way for a hacker to commit a cybercrime is by impersonating someone who works for the company they plan to attack. And a simple way for a hacker to become you is by stealing your login credentials.
In some cases, all a hacker needs is a password and username, and voila! Your ID is theirs. Too often, we make our computers or data easily accessible, which is exactly what a hacker’s looking for. Once they have your computer, guessing your password is simple, especially since we tend to use the same passwords repeatedly. So in the battle to secure our credentials, it seems like the cybervillains have a clear advantage. But an advantage doesn’t ensure victory, and there are precautions you can take to best them.
How to Combat the Credentials-Villain
Tools like MFA (multifactor authentication) will make it harder for a credentials-villain to succeed. MFA requires more than one form of verification, so even if a hacker has your username and password, he won’t have enough information to access your files. Additionally, good password policies will make it harder for a hacker to guess your credentials, and physically securing your computer will make it a more difficult target.
However, MFA alone is not always enough to stop a cybervillain, and unsafe internet practices can provide entry to the rest of your company. And once a cybercriminal finds his way in, you’ll have something else to worry about: your business information.
2. Exposing, Losing, or Encrypting Your Important Business Info
Different businesses deem different information as sensitive or important. For instance, a legal firm has thousands of files on client cases, whereas a healthcare provider has just as many health records for just as many patients. To a cybervillain, the focus is usually not on the information’s content, but rather, on the value it offers your organization: they’ll target the law firm’s cases, the healthcare provider’s health records, and whatever else they find worth taking.
There are three main types of information targeted by hackers:
- Personally Identifiable Information (PII), which includes information like SSNs, bank account numbers, names, and addresses.
- Payment Card Industry (PCI) information, which is important to any business that handles credit cards.
- Protected Health Information (PHI), which consists of medical records such as procedures, diagnoses, and any payments made by an individual to a health institution.
If a cybervillain gets his hands on any of these files, it can mean disaster for your company; he may threaten to get rid of them or make them public, thus causing your company to lose customers and revenue, or even shut down completely.
Foiling the Important-Info-Fiend
The best way to protect your files is to make sure they’re not stolen in the first place. Employee negligence is a common cause of information loss, and simple training procedures can mitigate this risk. However, even the best trained employees make mistakes; for this reason, you’ll always want to have backup copies on hand.
Backups are like a loyal sidekick in the fight against cybercrime. But it’s not enough to just have backups; you’ll also need to make sure they’re constantly running and constantly updated. Otherwise, the cybervillain’s files will be the only files, and you’ll feel pressed to buy them back.
Often in games, comics, and TV shows, the villain’s main motivation is simple: money. For cybercriminals, the motivation’s the same—arguably, the two other motivations are simply components of this larger one. In order to get this money, a cybercriminal might use ransomware, which encrypts or removes your files until you pay him. But there’s no guarantee he’ll give them back, and he could always use copies to strike in the future.
Taking Down the Money-Miscreant
Security awareness training will go a long way in helping your team identify common hacking techniques. Avoiding hacking altogether is preferable to dealing with its aftermath. In short, best practices are the best way to stay safe, and as with all superheroes, vigilance is key.
Constantly training and testing your employees is essential. Encouraging a culture of cybersecurity is a must. No one wants the cybervillain to succeed, and your best chance at stopping him is to stay informed.