A Threat Actor is a person or group performing malicious or hostile actions which cause harm to the victim's computers, devices, systems, or networks. Threat Actors are categorized into groups based on their motivations and affiliations. CyberHoot has listed out the five main Threat Actor groups we face online today:
- Largely profit-driven
- Represent the largest risk small- to medium-sized businesses face today
- Represent a long-term, global, and increasing threat to businesses of all sizes
- They target data to sell, hold for ransom, and exploit for monetary gain
- Cyber criminals may work individually or in groups to achieve their purposes
- Common Attacks: Phishing, Social Engineering Attacks, Malware, Ransomware
Current or former employees, contractors, or consultants who have access to an organization’s networks, systems, or data. They can be broken down further into two specific groups:
- Malicious Insider Threats intentionally exceed or misuse their access in a manner that negatively affects the confidentiality, integrity, or availability of the organization’s data and/or information systems.
- Accidental Insider Threats unintentionally cause damage to their organization’s information systems through their actions, such as clicking on malicious links in a phishing email, or through inaction, such as not setting access restrictions on Non-Public Personal Information (NPPI) or Personally Identifiable Information (PII).
- Well-funded and aggressive threat actors who target both public and private sector networks to compromise, steal, change, or destroy information
- May be part of a state apparatus or receive direction, funding, or technical assistance from a nation-state
- The term nation-state has been used interchangeably with Advanced Persistent Threat (APT), and these actors represent a formidable opponent to defend against
- Politically, socially, or ideologically motivated threat actors who target victims for publicity or to effect change, which can result in high-profile events
- Not typically motivated by monetary gain or the theft of IP, mostly hacking for a cause. Terrorist organizations are sometimes included in the Hacktivist grouping
- Lower skilled hackers who typically buy their tools from dark web marketplaces
- Motivated by notoriety, and more of a nuisance than destructive. Not motivated by financial gain, but their activity can lead to very costly security incidents
Source: CI Security
Additional Reading: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation
Related Terms: Advanced Persistent Threat (APT)
What does this mean for an SMB?
The best way to defend against Threat Actors is simply practicing good cybersecurity hygiene along with proper technical measures. SMBs are often targets of these threats: hackers know that smaller companies tend to think they aren’t at risk of an attack and oftentimes lack cybersecurity measures. To minimize the chances of becoming a victim of an attack, follow CyberHoot’s best practices:
- Train employees on cybersecurity basics, helping them become more aware of the threats they face when interacting online. (Phishing, Social Engineering Attacks)
- Phish Test Employees
- Govern employees with the proper policies, following NIST Guidelines (WISP, Acceptable Use, Password Policy, etc.)
- Employ a Password Manager, and require it in your Password Policy
- Enable Two-Factor Authentication wherever possible
- Work with your IT staff or third party vendors to ensure your critical data is being encrypted properly
- Regularly back up critical data
- Use the principle of least privilege
- Stay current with the always-changing cyber threats