86% of hackers don't worry about repercussions
Posted on 14 August 2014.
Thycotic announced the results of a survey of 127 self-identified hackers at Black Hat USA 2014. The survey found that 86% of hackers are confident they will never face repercussions for their activities. In a double-edged sword conundrum, 88% of respondents also believe their own personally identifiable information (PII) is at risk of online theft.

Asked which types of employees they would most likely target first in order to gain login credentials for a particular company, 40% of the hackers polled indicated they would start with a contractor. This is especially relevant, given that Edward Snowden was a contractor, and used his privileged access to steal sensitive NSA documents.

Additionally, 30% of respondents would first target IT administrators, highlighting the importance of locking down access controls to privileged accounts.

Other key findings from the survey include:
  • More than half (51%) of hackers say their actions are motivated by fun/thrill seeking, while only 18% say they are motivated by financial gain.
  • Meanwhile, 29% claim they are motivated by social consciousness or a moral compass.
  • 99% of respondents believe that simplistic hacking tactics such as phishing are still effective.
  • 53% of hackers do not believe users are learning to avoid such tactics.
"The motivations and inner workings of today's hacker community have always been somewhat mysterious, but the damage they can do to an enterprise is painfully clear," said Jonathan Cogley, founder and CEO of Thycotic. "Understanding why hackers do what they do is the first step as IT security teams take measures to better control and monitor access to company secrets. Organizations need to do a better job of protecting the passwords and privileged login credentials associated with contractors and IT administrators, as these employees are a huge target for cybercriminal activity."


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Feb 9th