Attackers are sophisticated. They are organized. We hear these statements a lot but what do they mean to us? What does it mean to our businesses? When we dig deeper into the “business of hacking,” we see that the attackers have become almost corporate in their behavior. Their business looks a lot like ours. Cyber criminals look to maximize their profits and minimize risk. They have to compete on quality, customer service, price, reputation, and innovation. The suppliers specialize in their market offerings. They have software development lifecycles and are rapidly moving to Software as a Service (SaaS) offerings. Our businesses overlap in so many ways that we should start to look at these attackers as competitors.
This paper will explore the business of hacking: the different ways people make money by hacking, the motivations, the organization. It will break down the businesses’ profitability and risk levels, and provide an overall SWOT analysis. From this, opportunities for disruption will be discussed and a competitive approach for disrupting the business of hacking will be laid out.
The information in this paper draws on data and observations from HPE Security teams, open source intelligence, and other industry reports as noted.
Whether building in enterprise security or applying security intelligence and advanced analytics, we can use our understanding of the business of hacking and the threats to our specific businesses to ensure that we are investing in the most effective security strategy.
2015 Energy Industry Cybersecurity Report
Strategic Cybersecurity: A Toolkit for Prioritizing, Coordinating, and Transforming Your Cybersecurity Program