He developed this model of cyber attacks using theories of human motivations that I've just described. But also putting it into a more global context and focusing on cultural aspects,
cultural factors may influence the motivation of the attacker. And also looking at the profile of the organization that is being attacked.
This is useful because the theories that I was explaining before really focus on just individual perceptions in individual motivation. But, you can't really take individuals out of their cultural context, okay. So that hacking should be seen as partly culturally determined as well as individually determined. What Kshetri has done is looked at some of the characteristics of source nations. So you know where the source being where the hacking is originating, where is it coming from.
In certain countries probably would be more conducive to hacking. All countries have people good at computer skills. Why do some countries produce more hackers than others? Well, could be due to something about the nation itself, or the country. When economic conditions are poor, jobs aren't plentiful. Those with good computer skills who normally could be highly employed in many countries, they have a difficult time getting legitimate employment. They may then use those skills for criminal purposes. Also countries vary in terms of the regulations and social norms. In some cases hacking is not seen as as much a criminal activity as it is, say, in some western countries. So there's characteristics of the source nation that will influence the motivation for attackers. There's also characteristics of the attacker. But in the middle here, ad we're looking at it under motivation for the attack, what Kshetri has outlined are sort of three primary sources of motivation that relate to the continuum I had on an earlier slide. There's extrinsic motivation.
And then there's pure intrinsic motivation, enjoyment base. We do it because it is fun, gives us autonomy, provides a challenge.
Then there's a sort of middle one, the sort of obligation we're doing it because we feel obligated whether to a country, to an organization or to a group that we belong.
But the motivation for the attack may actually determine what type of attack ends up occurring.
Earlier we talked in an earlier lecture, we talked about targeted attacks, carefully planned out and opportunistic attacks. Those that sort of just present themselves.
Well when in a state of flow or when operating out of intrinsic motivation, people may be more likely to pursue opportunistic attacks. What's available now? Whereas extrinsic motivation, looking for a financial gain for example, or obligation to social groups you belong to, they'd be more targeted. More carefully planned out.
Also, the profile of the targeted organization is gonna influence the type of attack, especially if you're looking at it sort of for political purposes, or for financial gain.
You're gonna look at the symbolic and financial significance of the organization. And also any sort of weaknesses that they may have in their organization. And this sort of then explains the different types of hacking that we see.
Your positive deviance, if you will, the whitehat hackers are probably gonna be operating perhaps more out of enjoyment-based interests and motivation.
Your hacktivists may be operating more out of community. They're obligation based intrinsic motivation.
Those who are motivated most by financial outcomes or gain, extremes of motivation, would be targeting organizations. And finding those that will maximize their outcomes. In all cases though, you can bring it back to expectancy value theory. Okay, they're attacking and they're performing a behavior striving for some goal based on the outcomes whether its enjoyment or financial gain.
$30 off Norton Security Premium 1 Year. Use code NSBUCA30OFF. MSRP $89.99
And when they think that its likely there's a chance that they will attain value to outcomes whether they're intrinsic or extrinsic the motivation to hack will be quite high.
No comments:
Post a Comment