When talking about computer and IT security, it's not uncommon the subject usually brings up "the bad guys". After all, if they didn't exist we wouldn't be having a security conversation in the first place, right?
But who are these "bad guys" and how is it they can spend their days harassing business owners and their employees with little to no repercussions?
As it turns out, there are actually three primary categories of "bad guys" which can affect your business. Each of them in a different way and each will pose a differing threat level depending on your line of business and scale.
The first type of attacker is the one most people envision as a darkly-clad, faceless enigma sitting in a dark room spending all day hacking people and businesses. While the image may be a bit over-the-top, this type of attacker does exist and is actually making a bit of a comeback today. Exploit tools have never been easier to get or run today which has lowered the bar substantially for people to get into the "hacking" game. This makes it both easy and attractive for individuals to use these tools to try and make a quick buck.
So who makes these tools? That question brings us to the second group: organized crime. The mafia hasn't disappeared, they've simply gone high-tech. Up until recently, these organized groups are the ones who have had the resources and ability to find weaknesses and create the tools to exploit them. Previously, they used the tools themselves to extort others but many of them nowadays also sell these tools to others to double-up their income. The "lone wolf" style attackers are one of their customers but their other customer is our third type of attacker: State actors.
While lone wolves and cyber gangs tend to focus on anyone and everyone who will make them money, state actors usually have a different set of focuses. Often times they will be looking to destabilize economies of other countries, obtain useful intelligence or information, or get dirt on a politician or other official. State actors have become much more prevalent in the security discussion as of late for a number of business verticals as they have become much more active in targeting private companies over government infrastructure.
So where are these people located which allows them to do these types of things? Most often, the actual people behind the screens are located in other countries. Ones without strong ties to the United States and also with strong reservations about extraditing their own citizens for breaking the law in another country. This unfortunately makes it extremely difficult to catch and actually shut down attackers and allows them to operate with impunity. As a result, we tend to have to take a slightly more defensive approach to protecting assets and business. Having a proactive approach to security as well as good security hygiene goes a long way towards making this approach work well and is why we as IT providers stress it as much as we do.
Hopefully this has given you some insight into the "why behind the what" when it comes to security discussions. Stay safe out there.