What drives some people to hack into computer systems? There can be no doubt that money is a huge motivation for many cybercriminals with around 86% of data breaches being financially motivated according to an investigation carried out in 2020. But is it the sole reason for computer hacking?

Less than six months ago, as Europe sat on the brink of war, reports showed that 74% of ransomware revenue was going to Russian-linked hackers, and with Russia, China, the USA and Iran all ranking in the top 10 countries with the most hackers in the world, there is a good chance that the motivation behind some computer hacking could perhaps be for other reasons such as political espionage.

What is a hacker?

A cyber hacker is any unauthorised user who breaks into an individual’s or organisation’s computer systems. They often install dangerous malware such as Trojan Viruses or Ransomware without the owner’s knowledge or consent in order to steal, change or destroy information. Generally, hackers have a high level of technical ability and knowledge which they use to breach security software and access personal or confidential information.

Are all hackers bad?

Perhaps somewhat surprisingly, there are actually good and bad hackers out there and different types of hackers have different motivations for their activity. Here we explore a few:

Black Hat Hackers – These are the bad guys. Their intension is to use scams and hacks to steal funds or sensitive information from individuals, businesses and banks, either to make money by stealing it directly from hacked accounts, selling the information they access to other organisations on the dark web for a profit, or by holding the victim to ransom, demanding cash to remove the malware they install.

Nation State Hackers – Some countries have officially employed hackers to carry out government backed cyber-attacks with the aim of either releasing information to the public to cause political unrest in an enemy state or to attack an enemy country’s websites and servers to cause disruption. They may also use the opportunity to gather military intelligence information. While this is obviously still criminal activity, it could technically be argued that these hackers are classed as good or bad depending who’s side you’re on?!!

Corporate Espionage – Employed by companies, these types of criminal hackers are mainly tasked with stealing intellectual property such as trade secrets, business plans or financial data from competitors to gain competitive advantage or damage another company’s reputation.

Hacktivists – Not driven by money and perhaps in some cases with good intent, these hackers often work in groups to make a political, ethical or social statement. They tend to either publicise hacked information which will embarrass an organisation or create mayhem by disrupting a company’s computer network and make changes to their website in order to post their own message. The intention of both is to advertise their cause and expose what they consider to be wrongdoing.

Revenge Hackers – Some hackers want to take revenge on an individual or organisation who they feel has wronged them in some way. Motivated purely by anger, this type of hacker is just looking to inflict virtual pain on the victim through methods such as locking their devices, deleting data or even hijacking their social media accounts to post inappropriate content.

Just for Fun! – There are hackers out there who just like to cause chaos. They want to challenge themselves and prove to fellow hackers what they are capable of to gain notoriety. They don’t have any real motivation other than infamy and the thrill they get from creating disruption.

White Hat Hackers – This is the only type of hacking which is considered legal. White hat hackers are normally computer security experts who are employed by companies to protect from cyber criminals. They use the same methods as illegal hackers but with the organisation’s permission, looking for gaps in a network’s security in order to prevent or fix any threats to the system.

Red Hat Hackers – Similar to White Hat Hackers, these are vigilantes who take it upon themselves to hack in to networks to fight off the Black Hat Hackers of their own volition. The difference is that they are not invited to do so and often cause as much harm as they do good by employing quite ruthless techniques such as installing additional malware to counter the original threat. Therefore, this is still classed as illegal activity.

How to protect your business

Hackers will always find new ways to break into computer networks but keeping your cyber security up to date is key to combating the problem. Installing the latest security software and regularly backing up data can both assist with this, as well as the option to employ White Hat Hackers to look for holes in your security systems if your budget allows.

Educating staff in best practice with their individual devices is another good way to avoid possible hacking issues, including being mindful of opening links or attachments from unknown email addresses, using passwords and encryption to protect sensitive information, only downloading apps from reputable sources and avoiding logging into accounts while using public WiFi.

No system is completely safe from hackers but understanding their motivations and what measures to put in place to combat the problem can help to keep your computer systems safe.

 

Dukebridge services:

We equip our clients to overcome the challenges of meeting business, operational and technology objectives by helping them build, scale and deploy skilled teams quickly and cost-effectively.

We achieve this by providing highly responsive programme/project resources skilled in analysis, project management and execution, whose effectiveness is sustained by our Service Delivery Function. This includes a centralised PMO function that helps achieve project/engagement success by embedding accountability and governance from day one.

The long-debated changes to the IR35 Off-Payroll tax regulations have been in law for over two months now. In the run up to implementation there were countless predictions as to what impact the changes would have on businesses, Limited Company Contractors, and project delivery. In this article I examine three of those widespread industry predictions to see to what extent they have come true, and the impact the changes have had on organisations’ relationships with interim resources and their ability to deliver technology projects.

Prediction 1: Project Delivery Costs will increase due to increased rates demanded by “inside IR35” contractors

Despite being delayed by a year, some organisations, particularly within the Financial Services Sector, pressed on with pre-planned changes to the way they engaged interim resource with the well-publicised “LTD company contractor ban” starting from April 2020.

That caused a somewhat “false dawn” of minimal impact to IT project costs as the pandemic took a complete grip on the UK economy and firms, quite understandably, delayed, or cancelled IT projects and drastically cut back on consultancy and contractor spend. The offer of a 6-month project to a contractor would likely have been gratefully received in most cases – regardless of IR35 status. Working on a PAYE basis via an umbrella was an unwelcome, but begrudgingly accepted, evil for most – resulting in minimal impact to project costs.

Fast forward a year and two months and the story is very different. The World has adapted, the IT sector is once again booming and demand for IT project expertise is greater than ever before. Firms who are unwilling to adapt to IR35 are now finding it increasingly challenging to attract and retain the best possible interim resource without stumping up the costs required to deliver their projects – either by increasing contractor rates or procuring expensive consultancy support.

Prediction 2: Firms relying on PAYE contract resource will face delays to IT Project Delivery

Quite simply, there is no evidence that IR35 has been a primary reason for IT project delays… yet!

However, we are beginning to see a common trend regarding the increased challenge in retaining contractors who are either deemed “inside IR35” or not permitted to operate at their end client via their Limited Company. Competing firms who are fairly assessing and offering “outside IR35” contracts are understandably finding it easy to attract contractors. As the post COVID surplus supply of IT contractors diminishes, we are starting to see hiring organisations finding easy hunting grounds in companies who have a rigid “no PSC Contractor” approach. As this trend continues, it will inevitably lead to project delays as specialist knowledge and experience walks out of the door.

Prediction 3: Statement of Work (SoW) contracts will become “the new normal” in engaging contractors

SoW has been used within contracting for many years. In the US, it is the primary engagement model for IT contract workers and has been used increasingly in the UK long before most people knew anything about IR35. But for many, SoW is a new way of working as it has been seen to be the “silver-bullet” around IR35 that would solve all problems for contractors, agencies, and end clients alike – and therefore it was predicted by some to become the primary engagement model for firms engaging contractors.

Two months post Off-Payroll changes, and we are seeing there has undoubtedly been an uptake in demand for SoW. Most large recruitment agencies with significant contractor books have developed some sort of SoW offering. This is beginning to create a minefield for end clients as they try to distinguish between recruitment agencies that have created a true service offering with the ability to provide governance and assurance on well-defined, deliverables-based SoW engagements and those who have not. Making the wrong choice of partner firm can be costly and therefore organisations are rightly taking a cautious approach to engaging via this model – and whilst increasing in popularity it is by no means yet the new normal.

 

Dukebridge services:

We equip our clients to overcome the challenges of meeting business, operational and technology objectives by helping them build, scale and deploy skilled teams quickly and cost-effectively.

We achieve this by providing highly responsive programme/project resources skilled in analysis, project management and execution, whose effectiveness is sustained by our Service Delivery Function. This includes a centralised PMO function that helps achieve project/engagement success by embedding accountability and governance from day one.