What’s the Difference Between Hackers, Malware, and Data Breaches?


We’ve all read about various forms of cybercrime and its various levels of impact. Oftentimes we hear about a company whose network has been compromised, leading to the loss of sensitive information. But that’s just one scenario out of many. For example, just exactly who is a hacker and what’s the difference between malicious hacking and ethical hacking? And how do you define what happens after a successful hack? Is it a data breach or a security incident?

Before I dig in further to make sense of it all, note that all of this falls into three simple categories: those who break in, what they use to break in, and what happens after a break-in.

Who is trying to break in to your accounts?

  • Malicious hackers: A person or a group of individuals who make a concerted effort to break into an organization’s network or a personal computer or device to do harm of some kind. They are often in it to make money and work somewhere in the Dark Web. These individuals are called Black Hats. Malicious hackers can also be those who have been tasked, as citizens or otherwise, to instigate a nation state-sponsored attack meant to disrupt operations or steal information from a government organization or company in the private sector within another nation-state.
  • Hacktivists: A person or group of people who might either break in, or simply knock on the front door to prove they could break in if they wanted to. Hacktivists are not in it to make money. Their goal is to promote a personal or organizational agenda, or effect social change. Basically, a hacktivist wants to make a point that networks and computers are not impervious to their attacks, and what they can view, extract, and share may be information they feel should be shared publicly. For example, Wikileaks is a well-known hacktivist group.
  • Ethical hackers: An ethical hacker, sometimes called a security researcher, will work to find and exploit a vulnerable piece of technology (aka a vulnerability). These individuals often identify a software or hardware flaw and inform the vendor that something needs a patch. For example, LastPass has a bug bounty program where security researchers can responsibly report any issues they find. When valid issues are found, we offer rewards proportionate to the severity of the issue. This is a great way to keep your product strong and safe.

What are they using to break into your accounts?

Software in the form of executable code or a script that has been programmed to break into a network or computer, to cause harm or not, has many names and forms. The overarching term for this is “malware,” which is shorthand for “malicious software”.

Malware essentially activates itself once it gains entry through a vulnerability. The code itself has many names and variants, including viruses, worms, ransomware, adware, and Trojan horses. Missing from the list is “bug” because a bug is a flaw (or mistake) that was introduced into existing software or hardware by the engineers who programmed it.

What happens after your accounts have been compromised?

We hear “data breach” in the news associated with companies like Marriott and others. A data breach is an after-effect of a security event or incident. From a legal perspective, what it is called makes a very big difference.

  • Security event: This is when something has occurred that presents a security risk to any degree of severity. It is essentially a noticeable change in the typical behavior of a network, system, process, or computer. It can range from a normal event that does not require a response, to an emergency event which requires immediate action.
  • Security incident: The difference between an event and an incident is human. An incident is something that can be determined to be caused by a person or group of people. An incident can become a serious situation when it is determined that there is malicious intent behind it. As a point of clarification, all incidents are a form of an event, yet not all events constitute an incident. For example, when there is a defect or flaw (aka our friend the bug) there may be a technical failure as a result. This is a random event, and not an intended, malicious one.
  • Data breach: This is a type of security incident where sensitive information has been exposed and stolen due to unauthorized access. An organization that has suffered a data breach is bound by regulations such as HIPAA to inform those who have been affected by the loss of their personal information such as credit card numbers or patient health information (PHI).

How to Keep from Getting Broken Into

There are dozens of technologies and associated processes that are layered together to reduce the amount of risk to a reasonable degree. Gone are the days when an organization could comfortably say it was safe from attack. Nowadays it is more about knowing an attack will happen, determining acceptable levels of risk, and focusing on the areas that are most vulnerable.

Consumers can do a number of things to raise their awareness and get educated. This can include understanding what a phishing email looks like or being diligent about hacking prevention and data security.

Speaking of the latter, I can think of a certain password manager and digital vault that can help keep your online accounts safe from harm.

One Comment

  • Steve Koshorek says:

    I thought that two-pass authorization was pretty foolproof, but my wife’s Social Security database information was changed without our knowledge late last year. Her mailing address was changed, and her drug company notified her of the change. I accessed her online data, using two-pass authorization with my smartphone, and found the new, incorrect address. We contacted Social Security to get it changed back, but I did not think to check her other data. About 2 months later I noticed that her last two monthly payments had not made it to our checking account. Yep, the hackers had also changed her checking account info to another bank and account. It took two months for Social Security folks to do their investigation and issue us our money, and meanwhile I was locked out of our own account. Do you think I could get any answer from them on how this could happen? No way. Since my cellphone was never out of my hands it had to be an inside job by one of the Social Security employees, or someone on the outside successfully hacked the Social Security database. If the latter, they certainly want to keep it quiet, because I doubt anyone smart enough to beat their security would stop with just screwing with one person’s data. I wonder how many people’s money was stolen? Anyone else have problems with their Social Security checks late in 2018?