Hacking is an industry, just like contracting, banking, manufacturing, or software development. Some of the biggest hacker organizations have salaries, HR departments, benefits packages, paid vacation incentives, and IT help desks, exactly the way that the biggest legitimate corporations do. Along those same lines, hacking is an industry with a complex and modern supply chain, where organizations of all sizes and independent contractors, and governments, buy and sell tools and software. The incentive comes from all imaginable sources for an individual to break into computer crime, and equally as appealing to organizations that don’t take ethics seriously.
In the same way that a legitimate business might use a tax and accounting software online in a Software-as-a-Service (SaaS) model, simply paying a monthly fee for access to a large set of tools and features, hackers have access to similar services for hacking. Imagine any of the modern business tools your organization uses to conduct your operations. Hackers have an equivalent. There are marketplaces to buy and sell access, extensions, apps, devices, accessories, and even job boards for hackers. Hacking tools and services are just as user-focused and automated as anything a legitimate business uses. The reality is that someone that has limited technical know-how is capable of reaching out into the internet and probing for vulnerable devices actively and continuously.