The Mind of Hackers: 86% Don’t Believe They’ll Face Repercussions

PRESS RELEASE

WASHINGTON, D.C. – August 14, 2014 – Thycotic, a provider of smart and effective privileged account management solutions for global organizations, today announced the results of a survey of 127 self-identified hackers at Black Hat USA 2014. The survey, which was conducted live between August 6th and 7th at the conference venue in Las Vegas, found that an overwhelming majority (86%) of hackers are confident they will never face repercussions for their activities. In a double-edged sword conundrum, 88% of respondents also believe their own personally identifiable information (PII) is at risk of online theft. 
 
Read the executive summary report here: http://bit.ly/blackhat2014
 
Asked which types of employees they would most likely target first in order to gain login credentials for a particular company, 40% of the hackers polled indicated they would start with a contractor. This is especially relevant, given that Edward Snowden was a contractor, and used his privileged access to steal sensitive NSA documents. Additionally, 30% of respondents would first target IT administrators, highlighting the importance of locking down access controls to privileged accounts.
 
Other key findings from the survey include:
·      More than half (51%) of hackers say their actions are motivated by fun/thrill seeking, while only 18% say they are motivated by financial gain.
·      Meanwhile, 29% claim they are motivated by social consciousness or a moral compass.
·      99% of respondents believe that simplistic hacking tactics such as phishing are still effective.
·      53% of hackers do not believe users are learning to avoid such tactics.
 
“The motivations and inner workings of today’s hacker community have always been somewhat mysterious, but the damage they can do to an enterprise is painfully clear,” said Jonathan Cogley, founder and CEO of Thycotic. “Understanding why hackers do what they do is the first step as IT security teams take measures to better control and monitor access to company secrets. Organizations need to do a better job of protecting the passwords and privileged login credentials associated with contractors and IT administrators, as these employees are a huge target for cybercriminal activity.”
 
Full survey results are available upon request.
 
About Thycotic
Thycotic deploys intuitive, reliable solutions that empower companies to remove the complexities associated with proper control and monitoring of privileged account passwords. A 2013 Inc. 5000 company, Thycotic is trusted by more than 100,000 IT professionals worldwide – including members of the Fortune 500, enterprises, government agencies, technology firms, universities, non-profits, and managed service providers. To learn more, please visit www.thycotic.com