The Cyber Criminal Process
When you think of cybercrime, you may think of a sophisticated hacker with futuristic equipment who
targets giant corporations in order to gain access to massive amounts of data. However, cyber criminals
are much more akin to your common petty thief—looking to gain easy access to unsecured data. More
often than not, these are crimes of opportunity. In order to understand how to secure our data, we
must understand the steps that these criminals take to “break in”.
Information Security is a field that is rapidly growing and improving. This makes it relatively tough for
cyber criminals to target the tough shields that companies put up to protect their data. Craftier methods
have been emerging, including phishing scams, email attachments, spoofing, and harmful links. While
many physical and virtual defenses may be strong, oftentimes humans are the weak link in this
equation. If their workstations are vulnerable and they click on the wrong thing, their information may
Once a criminal has gained access to a computer, they will then investigate the specific security
privileges the user has and how to use this to gain access to proprietary information. If the specific user
does not have administrator privileges, the criminal will utilize the network connection to exploit other
user accounts until they stumble across an account with escalated privileges. Sometimes, these
criminals can scan the network to determine which machines have certain levels of access. When
companies neglect important updates and patches, hackers can easily gain access to administrator-level
machines. At this level, criminals can often bypass any security defenses that have been put into place
on a network.
Once a criminal has gained access to a system, they make it their goal to maintain their access to the
system. Oftentimes, these criminals will configure a tool so that they can remotely access the network.
These may not trigger any sort of antivirus or malware detection, and the infiltration will be virtually
unnoticeable. Once the criminal has made themselves comfortable, they will settle in to do what they
originally intended—steal information. This data can be held for ransom, or, more often, sold in batches
on the dark net market.
Once a criminal has been discovered, they will move quickly to cover their tracks. This is often when
companies that have been compromised are at their most vulnerable. If a criminal is discovered, it is
simple for them to wipe out the network in order to make themselves virtually untraceable. This can
result in the loss of even more data and proprietary information for the victim.
In order to mitigate the risk of these events happening, it is important for your business to have a plan.
First, identify the information that is critical to the business, understand the risk and consequences of
losing that data, and prioritize security spending. Without the data we protect, there is no business.
Protect your website investment from hackers.
Sign Up Now