As the threat posed by hackers continues to increase, all businesses should consider themselves targets. Ransomware is arguably the most damaging type of cyberattack but it’s only one of many threats.
In order to protect against these threats, it’s important to understand who you are up against. One way to refer to those who wish to harm a business is the term “threat actor”. So what exactly is a threat actor and what do they want?
What Is a Threat Actor?
A threat actor is defined as any person or organization that wishes to harm a business by utilizing its IT infrastructure. It is a purposefully vague term because a threat actor can be any person, either inside or outside an organization. Hackers are the most obvious examples of threat actors. But the term can also be used to describe an employee who attempts to cause harm.
Types of Threat Actors
Most threat actors fall into one of the following categories.
Cybercriminals are the most obvious threat actors. They primarily target businesses for the purpose of financial gain. Cybercrime gangs are increasingly common, but individuals can also pose a significant threat.
Cybercriminals range widely in terms of skillset and the types of attacks that they are able to perform. To protect against cybercriminals, a business needs to combat both sophisticated targeted attacks and the work of amateurs known as script kiddies.
Most businesses aren’t going to be targeted by rogue governments, but nation states are an increasingly important type of threat actor. They primarily carry out attacks for the purposes of intelligence gathering and, because of this, they typically target financial and technology companies.
Nation states have their own hackers and are known to work with cybercrime gangs. The advantage of outsourcing is that if a cyberattack is unsuccessful, the nation state can deny all knowledge of it. Nation states are very difficult to defend against because they use the most sophisticated attack techniques.
An insider threat is any person inside an organization who carries out a cyberattack. It includes employees who initiate such attacks and those who cooperate with an outside party.
Insider threats are known for being very difficult to protect against. Unlike outsider threats, the insider begins their attack inside a network and this renders many types of cybersecurity ineffective. Most insider threats also have knowledge about the business that they can use to carry out their attacks undetected.
Hacktivists are hackers who often target businesses but, unlike cybercriminals, they are not interested in financial gain. Instead, they are interested in political or social change.
Hacktivists are willing to break the law and steal confidential data in order to achieve their goals. Unlike a cybercriminal, however, if a hacktivist steals data, they will publish it online instead of requesting a ransom payment. Hacktivists work both as individuals and in groups, and any business can potentially be targeted.
Some hackers, often called hobbyists, access secure networks not with the intention of causing harm but because they simply enjoy doing so. Hacking is often performed for the purpose of education. In other words, a hacker may target you because they want to practice their skills.
Other hackers may want to take down your website simply to prove that they can.
What Motivates Threat Actors?
Threat actors are motivated by a variety of different factors.
Financial gain is the most obvious motivation. Most threat actors access secure networks simply because it is profitable to do so. After they access a network, they will either steal personal information for the purpose of resale, perhaps on the dark web, or install ransomware for the purpose of extortion.
Political motives are less common but still a regular occurrence. Nation state actors carry out attacks for this purpose. This may consist of stealing confidential information or simply doing anything which can cause disruption.
Some threat actors want to harm your business. This is typically because you’ve done something which offends them. Hacktivists often target businesses which they believe are conducting themselves unethically. Insider threats are also potentially motivated by personal grudges.
Some threat actors don’t want to steal from you or harm your business. They simply enjoy hacking and are willing to break the law in order to learn more about it. While this type of threat actor potentially poses the least threat to a business, they are still capable of causing harm.
Are All Businesses Targets?
Any business can be targeted by threat actors. Most businesses don’t have to worry about nation states attacking. But cybercriminals are a threat to all businesses. The most sophisticated attacks are reserved for large businesses because the rewards are higher. Nonetheless, small businesses are also popular targets due to their perceived weaker security.
Hacktivists are a threat to any business with a public face and insider threats are a potential problem for any business with employees.
How to Protect Against Threat Actors
Complete protection against all types of threat actors isn’t possible. You can, however, make your business as difficult a target as possible by increasing your security posture. Here are a few tips:
- Educate all employees on the threat posed by phishing emails. Employees should also be trained not to download email attachments.
- Enforce the use of strong, unique passwords on all accounts.
- Enforce the use of Two-Factor Authentication (2FA) on all accounts. This prevents a wide variety of threats.
- Install antivirus software on all devices within your network.
- Use automated threat detection tools such as SIEMs.
All Businesses Should Be Aware of Threat Actors
All businesses need to be aware of the many potential threats they face. The term threat actor is useful for this purpose because it illustrates the variety of different reasons that a particular actor may choose to carry out a cyberattack.
While cybercriminals are always going to be the chief concern, the threat posed by insider threats, hacktivists, and hobbyists should not be overlooked. Understanding who is trying to access a secure network is an important part of preventing them from doing so.