Eric Chabrow over at the Government Info Security blog found an interesting post by Stuart Coulson, who is a director of a hosting provider in the U.K. Coulson wrote a somewhat longish post where he identifies seven levels of hackers, the higher the number, the greater the threat they pose. Eric summarized the levels, and provided a link to the original longer article. Here they are:
- Script Kiddies: Essentially bored teens with some programming skills who hack for fun and recognition. They're thrill seekers.
- The Hacking Group: A loose collection of script kiddies who wield more power as a collective than as individuals, and can cause serious disruption to business. Think LulzSec, known for attacks on Sony, CIA and the U.S. Senate, among others.
- Hacktivists: Collectives that often act with a political or social motivation. Anonymous is the best known hacktivist group that has been credited - or blamed - with attacks against child-porn sites, Koch Industries, Bank of America, NATO and various government websites.
- Black Hat Professionals: Using their expert coding skills and determination, these hackers generally neither destroy nor seek publicity but figure out new ways to infiltrate impenetrable targets, developing avenues of attacks that could prove costly for governments and businesses.
- Organized Criminal Gangs: Led by professional criminals, these serious hackers function within a sophisticated structure, guided by strict rules to ensure their crimes go undetected by law enforcement.
- Nation States: With massive computing power at their disposal, they target critical infrastructure, military, utilities, political or financial sectors.
- The Automated Tool: Fundamentally, it's a piece of software that acts like a worm/virus and tries to affect as much as possible to give itself the largest possible framework. "A well-crafted tool could be utilized by any one of the other six criminal types," Coulson says.
All of these most often use social engineering to get into a target network. They go after the employee, who is the weakest link in IT security. New-school security awareness training is needed to create a human firewall that's your first line of defense, on top of all existing security software layers.
Get a demo and see for yourself how you can harness your employees and keep your network safe.