author photo
By Courtney Theim
Wed | Feb 8, 2017 | 11:54 AM PST

What's the best way to defend against cyber attacks? Know who you're fighting against.

There are four main types of hackers that your organization (or personal data) may encounter. While this list is by no means exhaustive, understanding the general motives behind each group and what they are seeking can help you in the fight to stay secure.

Cyber criminals

Cyber criminals are not 400-pound hackers sitting on their beds at home. Not always anyways. 

This group is primarily concerned with extorting money from you. A study from Kaspersky Lab found that ransomware attacks struck companies every 40 seconds—and every 10 seconds for individuals.

In the first three months of 2016 alone, cyber criminals were paid more than $209 million in ransom, according to the FBI. And ransomware is only one type of attack vector! 

The best way to fight this type of hacker is to ensure they aren't getting paid. That means don't pay the ransom, and don't make your information available to them to sell on the dark web. 

Because the vast majority of cyber attacks begin with phishing, train yourself and your employees to know what to watch for.

Insider threats

Not all insider threats come from malicious employees, bent on revenge.

Sometimes it's a cyber criminal gaining access to a legitimate company account, or it's the average Joe down the hall who didn't realize he was compromising his credentials.

Either way, insider threats are geared toward stealing sensitive information and sharing it with those they shouldn't. And it's expensive. Recent Ponemon Institute research found that malicious insiders cost companies an average of $347,130 per incident.

So what's an organization to do? Behavioral analysis and automating authentication processes are key. Plus, monitoring and removing permissions when they are no longer needed will keep disgruntled employees from turning on you when they leave.


Remember when that guy called for a massive DDoS attack of the White House's website in protest of Trump's inauguration? 

That's a classic example of the hacktivist agenda. This type of hacker is harder to predict or even to respond to, since they're generally not motivated by money. 

They instead want to make a statement, sometimes for political reasons, and often just to cause cyber vandalism. Street cred and popularity is often the motivation behind these types of attacks.

Hacktivists often deploy DDoS attacks in order to take down a website. Other times, they'll simply hack a site (or social media account) and replace content with their own propaganda. 

Using proper password management, regularly updating (patching) your site, and having a proper DDoS mitigation plan in place can help protect against these types of attacks.

Nation states

While this type of attack isn't as common, its effects could have far greater consequences.

Cyber warfare through state-sponsored attacks could lead to entire cities being denied access to power, water, etc. in order to prove a point. Cyber espionage is also a serious threat, and could put your country's intel and infrastructure at risk.

However, this type of attack would need long-term access to your network, so Advanced Persistent Threats (APTs) are most common. Unfortunately, this means that multi-vector attacks are their best bet at getting into your network and siphoning off as much data as possible. 

Having a cybersecurity strategy that accounts for different types of attacks and communicates within platforms, teams, and individuals inside your organization is your best bet for keeping the bad guys out.

Bottom line? Be prepared

No matter what type of hacker you may encounter, it's important to keep in mind what they want and how they might go about getting it. 

By incorporating this mindset into your incident response plan, you'll have a better chance of protecting your time, money, and information should you be attacked.