The list of organisations that have suffered security breaches is significantly longer and growing every day. The number and scale of successful attacks are continually rising, proving that hacking is a threat that every business must take seriously.
What Exactly do We Mean by Hacking?
In digital terms, hacking can be defined as gaining unauthorised access to a digital asset. This could be a secure website, a cloud environment, a wireless network, or even a physical machine such as a server or printer.
What Motivates People to Hack?
Primarily, people hack for one of the following reasons:
Mischief: Some people are just out to cause trouble. They do it to show off to their peers and to disrupt people’s lives purely for a thrill. There is little point to their actions, but they still produce the same result as any other hack: disruption, distress, and, potentially, loss of income.
Ideology (Hacktivism): Some people hack targets that conflict with their political or social beliefs in order to show their opposition. This can range from defacing websites to leaking sensitive information to damage a target's reputation.
Money: The most common motive behind the overwhelming majority of hacks is financial gain. This has evolved beyond simple data theft into a multi-billion dollar industry centered on crippling ransomware attacks. Attackers encrypt an organisation's entire network, causing complete operational paralysis, and then demand a hefty payment for its release. They may also use a 'double extortion' tactic, threatening to publicly leak stolen sensitive data if the ransom isn't paid.1
How Can You Protect Yourself from Security Breaches?
Keep your software up-to-date: This applies to all devices, servers, and applications connected to your organisation. Timely patching of known vulnerabilities is one of the most effective security measures you can take.
Audit your hardware and software: Old or incorrectly configured infrastructure and software can be a real liability. A professional Security Assessment can highlight potential issues before anyone has the opportunity to exploit them.
Adopt a strong security policy and enforce it: Human error is still a major factor in many security breaches.2 There are many issues to consider here, from users choosing weak passwords to sensitive data being stored insecurely. Enforcing Multi-Factor Authentication (MFA) is a non-negotiable baseline for modern security.
Your Next Step: A Practical Framework
These three steps are a great starting point, but building a truly robust security posture requires a more detailed framework. For business leaders who want a clear, non-technical roadmap, we’ve created A Practical Cybersecurity Guide.
Drawing from established frameworks like CERT NZ's Top 10 and the Australian Signals Directorate's Essential Eight, this guide outlines the critical steps to protect your organisation's assets, from access control and data protection to incident response planning.
A Multi-Layered Approach is Key
Protecting your digital assets isn't about a single tool or a one-time fix. It’s an ongoing commitment to a multi-layered strategy that includes technology, processes, and, most importantly, people.
Whether you need a comprehensive Security Assessment to understand your current vulnerabilities, ongoing Cybersecurity Services to monitor and protect your environment, or a review of your IT Environment's configurations and practices, our team is here to help.
Footnotes
1 Sophos, The State of Ransomware 2023 (2023).
2 Verizon, 2023 Data Breach Investigations Report (2023).
Verizon research found that 82% of breaches involved the human element. This includes everything from people falling for phishing scams and social engineering attacks to simple human errors like misconfiguring a cloud server.
Editor's Note
This article was originally published on November 20th, 2015. Given the rapidly evolving nature of cybersecurity, it has been updated to incorporate more recent examples, current practices, and fresh insights into the topic. The core advice remains as relevant as ever, but the context has been refreshed for today's digital landscape.