TechRepublic’s Dan Patterson talked with LastWall’s CEO and co-founder Karl Holm and organizer of the 2017 Cybersecurity Summit Ryan Brack about the motivation of hackers. When looking at the attacking industry, it may not be so easy to determine how many hackers are actively trying to infiltrate a corporate system.

SEE: Security awareness and training policy (Tech Pro Research)

Holmqvist said the size of the attacking industry “is hard to answer because it’s not just one adversary.” Some people are motivated to hack for economic purposes, Holmqvist noted, which actually makes for an easier defense tactic because all a company needs to do is make the cost of breaking in slightly higher than what the infiltrator would get out of hacking the system.

Hackers also attack for personal reasons, Holmqvist added, trying to gain the secure information for their own use. In these situations, companies may have a more difficult time defending themselves because hackers can have large budgets and very coordinated plans, Holmqvist said.

Brack said the best way companies can prepare for the future and protect themselves is with user communication. Both the user they are selling to and the internal employee user, Brack clarifies. “Most attacks come from user error,” Brack added, whether that be phishing attacks or opening infected attachments.

“Understanding where [companies] are in preparedness, what assets are vulnerable, and getting high level buy in” are the best strategies for keeping companies safe, Brack said.

The 3 big takeaways for TechRepublic readers

  1. The number of hackers out there are too many to predict. Whether motivated by economic or personal gains, no company is exempt from cyberattacks.
  2. If the hackers are attacking for economic gain, the best mode of defense is to make the cost of breaking in too high for the attack to be worthwhile. If the hacker are attacking for personal gain, companies will have a much tougher time protecting themselves.
  3. User communication is the primary way companies can have a proactive method of defense. Most attacks are caused by user error, so informing both external and internal users about cyberattacks is essential.