FICO

Why Do Hackers Commit Cyber-Attacks?



Cyber-attacks are hitting the headlines on a daily basis and a lot of effort goes into both preventing them and dealing with the consequences when they have happened. Understanding the motivation behind attacks can help organisations understand more about the risks they face so that they can tackle them. So why do cyber-attacks happen?

1. For financial gain

This is the most likely reason an organization gets attacked. Criminals are looking to gain financially in three main ways:

Data breaches to feed identity theft. Third-party fraud is fuelled by identity theft, and breached data gives criminals the information they need to take over someone's identity. In the UK the CIFAS Fraud Scape 2016 highlighted a 49% growth in identity theft over the previous year. Criminal gangs are well-organised and operate on a commercial basis – there is a supply chain, and those that steal data are unlikely to be the same criminals who commit the identity theft and fraud. The dark web provides a marketplace for stolen credentials, with those that have stolen personal data selling it on to those who wish to commit fraud.

Cyber-attacks with financial demands. A modern take on blackmail, this can affect organisations of all sizes as well as individuals. There are many variations. For example, hackers take over a victim's computer and freeze it, then offer to reinstate access after a ransom has been paid. Another variation led to a recent case where guests at a hotel in Austria were prevented from entering their rooms until a ransom had been paid – the hotel is reportedly removing electronic locks accessed with cards and reverting to old-fashioned keys!

Attacks to perpetrate a direct fraud on a business. This type of attack usually involves the diversion of funds from their legitimate destination to a fraudster's account. Criminals use techniques such as phishing and vishing to tease out enough information to enable them to mount an attack. They then access email systems and send emails that look legitimate but aren't. A variation of this attack is invoice fraud, where an email is received that looks like it is from a legitimate supplier and advises of a change of bank account details – unfortunately, the bank account details supplied are those of a fraudster. This kind of fraud often combines elements of cyber-attack with offline elements such as social engineering.

2. To make a political or social point

Hacktivism involves breaking into a system for political or social reasons. Until relatively recently, this was seen as the domain of underground organizations such as Anonymous. The recent US election has put focus on the role that governments might play in furthering their aims through hacking activity.

Hacktivists look to access information that can damage their intended target. Hacked information often ends up on Wikileaks; the breach at Mossack Fonseca and subsequent publishing of the Panama papers is a good example of this. Hacktivists also mount cyber-attacks to stop their targets carrying out their normal activity, known as a Denial of Service or DoS attack. Governments and political bodies are often the target of DoS attacks.

Hacktivists come from across the political spectrum. Terrorists may use hacking to attack their targets but other hacktivists are intent on bringing down ISIS websites. Many businesses may feel that they are unlikely to be a target for political or social hacktivists, though it is well to be aware that the targets of these attacks vary greatly. If someone objects to your operations, you could find yourself at the wrong end of a hacktivist attack.

3. For the intellectual challenge

This type of hacker plays to the stereotype of the socially awkward loner who lives in a virtual world and turns to hacking for both the intellectual challenge and the adrenaline rush of breaking into a network.
Interestingly, research by Bernadette Schell, a researcher at the University of Ontario Institute of Technology, found that hackers

FICO By Fair Isaac Corporation