The Human Behind the Cyber Criminal – Knowing your Enemy

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”

Sun Tzu – The Art of War

I was asked a very interesting question during an interview yesterday, and the more I think about it the more I thought it would make an interesting thought piece.

The question my interviewer asked me was:

“Do you think that cybercrime will increase due to the current pandemic and lockdown?” 

Initially, I responded very similarly to much of the other commentary on the subject, that cybercrime was seeing a sharp rise, especially in the phishing and ransomware areas, but then the conversation branched (as many of my conversations do when talking about information security in a relaxed setting). 

I found myself explaining to the interviewer about the cyber criminals themselves, the situation they are in and the motivations for stepping up their criminal activities. It provoked some interesting thoughts on the matter very rarely covered in articles, and thus here I sit, writing this article and considering an additional chapter to my book.

Cyber criminals

Who are they and why do they do what they do?

Initially, when I began to consider the question, the Sun Tzu quote above instantly sprang to mind. Being a keen cyber and conventional warfare enthusiast (a discussion for another time), it made me re-evaluate cyber criminals and the psychology behind it. I am sure a full blown psychologist would break it down in far more depth than I ever could, but having been in this business for as long as I have, I have gotten pretty good at psychology, especially in the corporate areas.

Cyber criminals are people, and whilst that should not come as any great surprise to any of you, you need to remember that these people are motivated by the same wants and needs as anyone else.  It’s just they use illicit means to get to what they want, and pandemics and global shutdowns are just going to expedite that, especially if those individuals are living in a country that has not got the capacity to support its citizens during this hard time.  Let’s face it, even the western world is struggling mightily with all of this, so what chance does a poorer country have… not much, and there is pretty good evidence from the IMF and World Bank that it’s going to get a hell of a lot worse before it will get better. 

This will mean we will likely see a huge upturn in malicious code, cyber attacks and general cyber larceny than we have ever seen in the past.

Why is this? Because people are struggling, they are struggling financially, mentally and in some cases physically, and during such times the average human will go to extraordinary lengths to protect themselves and their families. As an example, who here – if they were penniless and their children or family members were desperately hungry – would not steal a loaf of bread or a tin of beans for their children to eat if there was no other option? Yes, some reading this will take the moral high ground, but I guarantee that if you became desperate enough you would do anything to protect your families. I mean anything.

Enough setting the scene.

What are the drivers behind cybercrime?

Cyber criminals are people. They don’t start out as cyber criminals, they put themselves into that position either due to circumstance such as being desperately poor, fundamentalism due to a strong belief in a cause or because they can – it’s an adrenalin kick.  Ultimately, if there is not a fundamental gain then they would likely not bother committing cybercrime in the first place.

Next, you will find that each and every cyber criminal is usually pretty savvy with technology, coding and psychology.  Ok, you do get a very differing level of talent involved but in order to do what they do they have to have a decent level of knowledge of technology. They are also intelligent – they may or may not be cunning but they are usually pretty intelligent.

Finally, the world is a very diverse community. People from different backgrounds, cultures, etc. will have different values and views, some will have no problems justifying criminal acts, maybe because they come from a poor background with no government aid, to those out of work, or maybe their community has very strong views on subject matters. Maybe they hate what big business or governments have done to their communities, maybe they live in an environment where death and disease is commonplace… the list is endless but there are people out there performing criminal acts because they genuinely believe that what they are doing is justifiable or because they simply have no other choice.

Anything else?

On top of all of that, let’s thrust a pandemic with a global shutdown on them, which could result in:

  • Loss of income
  • Loss of healthcare benefits
  • Mounting debt from mortgages, card payments, etc.
  • Being locked in the home for extensive periods of time
  • Anxiety over the future, both health wise and economically

Anyone would be anxious with this list. How do we know? Because we are all living it now, we are all worried for our jobs, the economy and the paying of bills and feeding our families… but the only difference between us and cyber criminals is that they have the morals (or lack of) to steal from others electronically or through social engineering. The motivation is there and the ability is there, so with nothing more than time on their hands they can spend a great deal of it targeting and refining attacks – they have nothing else to do after all. There is also the fact that the international community is so worried about the coronavirus that hacks can easily go under the radar, not to mention with the quick implementation of remote working and employees working from home, it has only made security harder to manage. It’s also a lot less likely that they will get caught.

Thus we see the meteoric rise in security events, though many of them will go unreported in the media and to be honest people are very unlikely to find out their organisation has been breached until further down the line.

It is a very tough situation in information security at the moment, these types of global disasters are a nightmare to deal with for everyone. The longer it goes on, the worse security events are going to get because, unfortunately, people will get desperate.

Jim’s Top Tips

So what can we do to protect ourselves from this increase in cyber criminal activity? I can sense Jim’s top tips coming on!

Review your information / cyber security stance

It’s changed, trust me, it has. Ok, maybe 10% of global business is operating as normal, but the working environment both logistically and technically will very, very likely have changed. Maybe there is a new centralised phone system or increased VPN use from remote workers. Maybe people are using their own devices to access work. The list is endless, but the advice is the same – look objectively at your organisation’s operations as they are today and try to identify holes, then plug them.

Furloughed staff

Why is this a thing, I hear you ask? Well, did you just furlough your infosec team? If you did, you may want to reconsider that, with the state of cybercrime at the moment.  If you don’t have infosec people, then get some advice from a company that can provide you that service.  Whilst I love IT people, what they do is a very different discipline from what we do in the infosec field. Yes they can do the technical security, but information and cyber security is far more than a bit of technology, so if you have furloughed a large portion of your staff seriously reconsider at least one of your security specialists, if nothing more than to have a security specialist at hand to deal with potential issues and / or attacks.

Record the failings of BCP

You’re likely in a BCP situation, if you had a plan I hope it’s working well, if it’s not or you didn’t have a plan, it is imperative you list down what the issues have been, the challenges and problems you have faced in trying to keep the company operating. Why? Because that should form the basics for a new BCP plan that you should probably create when this is all done and dusted!

Layered defence matters

You need to take an objective look at your organisation and its critical infrastructure, in essence, re-evaluate your infrastructure and working environments (since they have likely changed with everyone working remotely) and ensure you still have defence in depth. Look at IDS / IPS, your firewalls, your VPNs, your encryption strengths, network countermeasures and figure out what you need to secure the environment. It is highly advised to look at the remote working situation, with everything going on it has forced a great deal of change that has likely not gone through the usual security evaluation process so there will likely be holes.


There are some fantastic solutions out there from companies such as Nominet, Cofense, Opswat, Libraeseva, Picus, Qualys, Picus, etc. and any number of vendors with award winning products.  The trick is to get these solutions in properly. Layering your defence for malicious code and potential hacks is key to a strong defence posture.   Also consider awareness and training solutions as well as qualified information security as part of your defence in depth.  Don’t just leave it to clever technology, make sure you have the staff and the talent too, this provides full defence in depth.

There are plenty of others, so if you have need of some recommendations get in touch with us and we will recommend some products to look at or some actions to take, and don’t worry, this first conversation with us is on us, free of charge.

Some products to look at

Cofense – Phishing Defence

Libraeseva and Agari – Email Security

Logpoint – SIEM solution

Opswat – Antivirus for clouds and on premise

Picus – Breach and Attack simulation

Don’t be afraid to ask for help

Finally, please feel free to contact us if you want advice, we are here to help and we will as much as we can, these are tough times and Razorthorn is here to assist you through it. If you need us then call.

As a final statement, please all stay healthy, we at Razorthorn hope you are all ok and well during these rather unpleasant times. If you would like to talk to us about this or any other security requirement then please feel free to call us on 0800 772 0625 or email us at and we will be more than happy to assist.

Keep an ear to the ground

Intelligence into current attack patterns, trends and changes will be critical in the coming months, so keep an ear to the ground because we are only really at the tip of the iceberg when it comes to security attacks. It’s early days yet…

Follow Us