Why Systems Are Attacked

Contents
  1. Why are systems attacked?
  2. Hackers & Unauthorised Access
  3. Ethical Hacking

1. Why are systems attacked?

Cyber-attacks are ever more frequent, and a lot of effort goes into both preventing them and dealing with the consequences when they have happened.

Understanding the motivation behind attacks can help organisations understand more about the risks they face so that they can tackle them.

The main reasons behind an attack are:

  • Financial Gain - targeting sensitive information which can be sold or used for blackmail.
  • Data and Information Theft - targeting data which may be valuable, e.g. to a competing business or to another government.
  • For fun - not motivated by money, but by the thrill of carrying out an attack. Individuals carrying out attacks for fun aim to gain notoriety within their communities.
  • To disrupt business activity - aiming to disrupt a business to prevent it from providing a service to its customers.
  • Personal attacks - driven by personal vendettas against a business or individual. The attacker could be a disgruntled former employee or customer.

2. Hackers & Unauthorised Access

Hacking is the act of gaining unauthorised access to a computer. A hacker will break in by circumventing security: they may know someone's password, or they may have found weaknesses in software that allow them to access the computer.

Once a hacker has access to a computer they will be able to access the data on it as if they were an authorised user.

Hacking may take place remotely or even directly on the computer.

The most common form of hacking is someone simply logging onto a computer with someone else's username and password. This is why it is important to have a strong password that no one else knows.


3. Ethical Hacking

Not all hackers are malicious. Some hackers can be ethical, and work to help organisations defend themselves from malicious hackers. These ethical hackers may be employed to break into and test the security features of a computer system. They report any issues they find so that they can be addressed.

This is called penetration testing.

We use a coloured hat system for identifying what kind of hacker someone is.

  • White hat hackers are ethical hackers and carry out their activities with permission (authorised access).
  • Grey hat hackers are ethical hackers but will hack systems without permission. They may hack a system to bring attention to a security problem, or for a "bug bounty".
  • Black hat hackers are malicious hackers.