We feel it’s important for businesses to know how a hacker thinks so you’re aware of how hacking happens, when it happens, why it happens, and most of all, so you’re able to protect yourself before it does. The last thing we want is for businesses to be shell-shocked when confronted with an increasingly victimizing situation. Hopefully after reading this, you’ll be able to understand and perhaps even spot a hacker from miles away, steering your business clear from harm. 

General Drives:

Dollar signs ($) and security vulnerabilities drive hackers. Most hackers hack for money, fun, and because they thrive on the challenge. The risk is fun, the reward is great. 

What sort of work an entity does is regardless, every and any type of entity is up for grabs so-to-say.

But just to sprinkle some knowledge, commonly targeted organizations consist of financial institutions, healthcare organizations, public sector entities, and of course, most devastatingly impacted – small businesses. 

Because there are so many variations of hackers, for the sake of simplicity, we’ve divided these groups into three categories; the good, the bad, and those treading somewhere in the middle. And some of these groups blend together in the sense that they’re very similar, the only differences are their coordination, inherent level of skill, and other subtleties. 

The Good:

While nobody really likes the idea of hackers existing among us, they can have a positive impact and purpose. More than half of the hackers surveyed by NBC News say they hack “to do good in the world.” 

A fine example of this exists in the bug bounty programs seeping into the mainstream. Companies seek the help of hackers by having them attempt to break into their security systems, exposing flaws that can then be proactively fixed and strengthened. Netscape first started a program of this kind in 1995; since it’s deployment, Microsoft, Tesla, and Google have all introduced bucks-for-bugs programs. Facebook has paid out millions to researchers since starting its program in 2011.

Here’s some well-known groups of hackers doing good:

White Hats – The type of hackers who’d participate in the bug bounty programs mentioned above. White hats are hackers who attempt to breach a system for ethical reasons and provide the target organization with detailed information that will help expedite their patching and remediation efforts. 

State-Sponsored Hackers – These are groups who are subsidized or supported by a government agency, including specialized teams within such agencies themselves. In this case, the “good” aspect obviously and only exists for the state sponsoring the hacking, not the victim. A notorious example of a state-sponsored hack is Russia’s attack on the United States during the 2016 Presidential election.

Red Teams – A red team is a group of ethical hackers acting as if they were nefarious bad guys. They may employ a series of tactics, both high-tech and low-tech (such as social engineering) to simulate what a true criminal might do when trying to break into an organization. These teams think like the enemy.

Blue Teams – Blue Teams consist of ethical hackers working to defend against attacks and secure an organization’s environment. Blue and Red Teams often work together. After an imitated attack by a red team, a blue team adjusts defense mechanisms, so organizations can respond faster and stronger to future attacks.

The Bad:

Most often, when you think of the term hacker, you think of these bad guys. Rightfully so, as a hacking attack happens every 39 seconds in the US and affects every third person in the country according to Cybint. Let’s take a look at the so-called “bad apples”.

Black Hats – The stereotypical cybercriminal. They’re looking to steal, alter, or destroy data. Their primary motivation is often personal or financial gain.

Cyberterrorists – Vicious hackers aimed on causing mayhem and creating fear; the group most likely to cause physical death and destruction.

Organized Crime – Groups of hackers working together, usually for financial gain. Much like a “digital gang” so to speak.

Cyber Espionage – Information thieves, stealing for the purpose of gaining a competitive advantage. Also known as spy hackers, these people are stealthy. Businesses and individuals can be victims and not even know it because there’s no alert of a breach, no ransom demand, none of that. Since they basically spy for secret information, there’s not much of a way to know when they’re doing this.

Cyber-Mercenaries Third-party hackers for hire. For the most part, sort of like a digital enforcer or hitman in the sense that they’re in – and then they’re out. They’re quite good at covering their tracks and can even plant evidence, pointing towards an innocent party. 

Script Kiddies – Hackers with lower-level skills and expertise who use existing scripts or codes to hack into computers instead of writing their own. These unprofessional and immature hackers can be a menace to individuals they target to harass or whose lives they try to infiltrate.

Treading Somewhere in the Middle:

Gray Hats – These hackers typically find a security flaw in market available software and then disclose the vulnerability publicly with the intent of forcing the software manufacturer to quickly patch the vulnerability. While this is considered unethical behavior, they don’t hack for any sort of personal gain nor for any destructive end-goals, placing them somewhere between white hats and black hats.

Hacktivists – Hackers motivated to further social or political causes. Take Reddit co-founder Aaron Swartz as an example. He hacked for the public to have free access to information. Before his tragic death at the age of 26, Swartz was amidst threats from federal prosecutors over the alleged illegal download of 4.8 million documents from the online digital library JSTOR in an attempt to make them free and accessible to the public. 

Typical Demographics & Psychographics:

Please Note: While these are typical demographics & psychographics of hackers, it certainly does not mean every person who has these characteristics are hackers. That would be like saying everyone who goes to the gym and works out often is a fighter or athlete… so you see, it strictly depends on the individual. Don’t rush towards any false assumptions of people.

Based on research from HackerOne, 90% of hackers are under the age of 35. It’s widely known hackers are a male-dominated population, but it’s quite shocking just how young many hackers are today. It was only two years ago that the National Crime Agency (NCA) of Britain, stated the average age of British hackers behind some of the world’s most high-profile cyber attacks was just 17

Hackers are generally antisocial – their obsession exists in hacking. Hours spent challenging themselves on a computer satisfies them. They’re not too big of fans when it comes to communication, notably when doing their work. They’re independent and self-directed in the sense they want to learn how things work themselves and attain pleasure in doing so. Take it from a famous hacker.

“If you give a hacker a new toy, he’ll take it apart to figure out how it works.”

–Jamie Zawinski, Lisp hacker and early Netscape developer

 A deep sense of curiosity and thrill provided by the intellectual challenge seems to be rooted in the hearts of most hackers.

 “I was addicted to hacking, more for the intellectual challenge, the curiosity, the seduction of adventure; not for stealing, or causing damage or writing computer viruses.”

–Kevin Mitnick, famous hacker responsible for attacks during the 90’s on large corporations like Sun Microsystems and Motorola.

Hackers tend to have a vast interest and knowledge in coding and computer programming as a whole. There are hackers who learned and developed their skills through formal education at colleges/universities, and there are hackers who are self-taught – but it appears a gigantic gap has emerged between the two.

According to HackerOne’s 2019 report, less than 6% of hackers learn their skills in the classroom. 81% of hackers surveyed say they learned their craft mostly through blogs and self-directed educational materials like Hacker101 and publicly disclosed reports — compared to 58% the year prior.

The time of day in which hackers hack doesn’t appear to make a difference. Hackers know a business is either secured or they’re not. It’s a matter of where hackers dedicate their time to hacking. It’s about following the right trail rather than planning the right time. They attack when they want to and can. They’re opportunists scanning the Internet for vulnerabilities, any “unlocked doors” to get a foot in. Once they break in, they take anything of value. 

Lastly, hackers aren’t necessarily limited to certain areas/regions of the world. Hackers come from just about anywhere and their targets are everywhere. 

What Are They Looking For?

Access to your computer, your company machine, your data. Not because they necessarily think your machine contains a pot of gold, but because once they gain access they can move laterally between systems and networks. There are numerous tricks embedded in the minds of hackers used to gain unauthorized access. Below are some of the commonly used tactics, according to the 2019 Data Breach Investigations Report by Verizon.

Weak Passwords

How It Works: With $300 in equipment, a hacker can run billions and billions of simple, lowercase, eight-character password combinations a minute. Below are some of the most common and effective password attacks.

Dictionary Attack – A program that uses commonly used password combinations as well as every defined word in the dictionary. This is why you should never have one simple word as your password, and you should always use a combination of letters, numbers, and special characters.

Brute Force Attack – Tools exist that allow hackers to try every possible password combination to eventually gain access. Brute force attacks were ranked fourth in terms of top hacking actions in all breaches… which is why longer passwords greater than 12 characters are more secure than shorter ones that are more easily cracked. But even still, every password, no matter how long, is theoretically crackable. This is why two-factor authentication (2FA) is such an important security control.  

Malware Attacks

How It Works: A malicious software that is harmful to computer users. An infected website, USB drive, or application delivers software that can capture keystrokes, passwords, and data. The top malware action in data breaches is the creation of a backdoor, a means to access a computer system or encrypted data that bypasses the system’s customary security mechanisms.

Phishing Emails

How It Works: By far the most commonly used social engineering attack. Official-looking but meant-to-scam emails prompt you to enter your password or click links to infected websites. This is hackers’ most effective form of attack, having been employed in over 30% of all data breaches.

Don’t click on suspicious emails!


How It Works: In terms of total incidents, this is the second most popularly used malware action. Hackers hold your computer system hostage, allowing them access and complete control over your data until you pay a ransom. You’re blocked access to what is yours due to a maliciously designed software.  To learn more about ransomware, check out this post where we break it down.

Lesson Learned:

It’s best to be protected with a comprehensive data backup solution that can recover individual files, a specific email attachment, or an entire system. You know the old sport-themed saying “defense wins championships”? Oh-how that perfectly applies to business success. If you want to see all the potential ways businesses can lose data beyond just hacking, explore this post.