Have you ever watched a movie and seen a character doing something you know how to do, and thought to yourself, “jeez, that’s totally wrong. Couldn’t they have done a little research?”

That’s exactly what hackers think when they watch movies, too. For most of us, the image that comes to mind when we hear the word “hacker” is pretty stereotypical: probably a young guy wearing a hoodie and headphones, in a basement, surrounded by fancy displays full of unintelligible code that looks like it’s straight out of the 1999 movie the Matrix, with only nefarious intentions at heart. We have that image for a reason; that’s how many films have portrayed such characters.

But, just like those times when you see a movie or TV character totally screwing up the thing you know how to do, this stereotype just isn’t accurate. Not all hackers have the same motives. In fact, not all of them are even “bad guys.” Misunderstanding leads to fear, and acting out of fear is never a good thing. If you want to stay safe from cyber-related risks in the modern world, it’s important to understand the myth vs. the reality.

Common Myths

1. Every hacker is a criminal with evil intentions, who wants to break systems, steal information, steal money, cause destruction, commit cyber-espionage, or engage in other illegal activity online
2. All hackers are male
3. Hackers work alone, exclusively
4. Hackers have to work really fast, or else they’ll get caught by the authorities
5. There isn’t much money to be made, so hackers have to send lots of attacks to make their efforts worthwhile
6. Hackers only go after large corporations and government systems.

The Truth about Hackers

1. The word “hacker” really just refers to an individual who uses computers, networking, or other technology and related skills to accomplish a particular goal. That goal may not have anything to do with criminal activity, even if it involves gaining access to computer systems. In fact, some hackers use their skills for good, helping businesses and individuals become better able to prevent attacks by malicious hackers
2. Just like their varied motivations, hackers come in all shapes and sizes. While the average self-proclaimed “hacker” is likely to be male and under 35, they can be of any gender, age, ethnicity, etc.
3. As with most pursuits in life, hacking tends to be most productive when conducted by a team. It’s actually pretty common for hackers to be involved in larger groups or organizations. Some of them even have salaries and set holidays, just like the rest of us in the non-hacking working world, and may have customers and sales arrangements that include things like reseller portals and component rental
4. A rushed job is a bad job, plain and simple. Hackers have the time to take a slow and methodical approach to accomplish their aims. They know they’re more likely to be successful if they research targets, do recon, and take the time to work out the best angles of approach. In contrast, victims of attacks typically have a very short amount time in which to react or recover, especially in the case of ransomware.
5. There’s a lot of money to be made in hacking. As of the most recent Cost of a Data Breach Report, the average cost of a data breach is $3.92 million, and nearly 3 in 4 (71%) of breaches are financially motivated. In fact, the average hacker can earn up to 40 times the median wage of a software engineer.
6. Although large corporations can be desirable targets, they often have larger security budgets and teams of security professionals dedicated to protecting the business. You might think hackers have bigger fish to fry, but small and medium-sized businesses (SMBs) are prime targets. More than 70% of cyberattacks target small businesses. In particular, more attacks are focusing on MSPs specifically because of their SMB clients. Breaching a single MSP could open up data access to their entire client base.

So what do you do?

You’re already on your way. By better understanding the true methods and motivations behind the myths, you can begin to lock down your business and protect your customers against today’s biggest threats. If you haven’t already, check out our Lockdown Lessons, which include a variety of guides, podcasts, and webinars designed to help MSPs and businesses stay safe from cybercrime.

The next step is to ensure your security stack includes a robust endpoint protection solution that uses real-time threat intelligence and machine learning to prevent emerging attacks. Learn more about Webroot® Business Endpoint Protection or take a free trial here.

About the Author

Grayson Milbourne

Sr. Intelligence Director

Grayson Milbourne is the Security Intelligence Director at Webroot, Inc., part of OpenText Security Solutions, where he has worked for the past 17 years. In his current role, Grayson works to support the Product Management team to ensure Webroot products are effective against today’s most advanced threats.