The 7 Key Categories of Threat Actors
In cybersecurity, the term “threat actor” might refer to lone agents, organized criminal groups, or entire entities seeking to impact your personal security or that of your employer. To understand these actors, let’s break them down by group.
1. Organized cybercriminals. Organized criminal gangs have gone digital to line their pockets and gain control over businesses and agencies of all types and backgrounds. These people are after straight-up financial gain; data they steal will show up on the black market, ready to be sold on to the highest bidder.
2. Cyber terrorists. Cyber terrorists use an array of digital weapons to disrupt critical services and commit harmful acts in order to further their cause. They target the state operations, businesses, and critical services that will cause the most dramatic effect.
3. Inside agents and bad actors. Infiltrators and cybercriminals are often closer to home that we think. Certain threat actors will infiltrate a workforce, express grievances via criminal activity, or turn insiders toward their cause with the promise of financial reward. This is an especially malevolent threat because insiders have privileged access.
4. State-sponsored agents. Cybercriminals in this category are directed or funded by nation-states. They exfiltrate data, steal sensitive information, and redirect funds as part of national espionage programs.
5. Script kiddies. Don’t let the cutesy name fool you. Script kiddies are threat actors without the skill or knowledge required to design penetration tools, but they’ll happily buy or borrow the tools to infiltrate systems.
6. Hacktivists. Recent years have seen an unprecedented rise in “hacktivism”—hacking with the goal of raising awareness about particular topics, whistle-blowing, or exposing secrets. WikiLeaks is the most well- known example.
7. Human error. To err is human, and the simple truth is that not all threat actors are either malicious or intentional. Even seemingly benign mistakes can cause massive damage to business networks.
© National Security Institute, Inc. www.nsi.org
Recent SecuritySense Posts
- 5 Things Crooks Love to See In Your Social Media Profile
- FAQ: Security and the Cloud
- The Ransomware Perfect Storm
- Children More at Risk Online During Pandemic
- Going Back to the Office? You’re a Perfect Target for Phishers
- 5 New Social Engineering Tactics Criminals Are Using Right Now
- April Scam Watch
- Top 4 Emotions Used in Social Engineering
- Security Is Critical to Pandemic Recovery
- Using Instagram Securely
Protect Yourself & Your Company From Cybercrime
Why shouldn’t your life be a little easier?
We want to make it super easy for you to market cybersecurity awareness to everyone at your company. We’re here to help you be more persuasive and support your work to make the entire company cyber-savvy.
Maybe you’re not a “marketer,” but you can be. You can get their attention with content that’s relatable, relevant, concise and enjoyable to read. We get feedback all the time from your peers who tell us their employees look forward to receiving SecuritySense.
SecuritySense is a subscription-based content service that delivers you a consistent supply of fresh cybersecurity awareness content so you can easily maintain an ongoing cybersecurity brand awareness campaign
Our Unique Content Strategy
People pay attention to content they find personally relevant. SecuritySense doesn’t feel like you’re being given extra work to do. It’s a blend of personal and work-relevant cybersecurity tips, warnings, human interest stories, instructions, news and insights that everyone looks forward to receiving. More about our content strategy
The Secret to Creating Awareness
Brand marketers know if you want to create awareness you have to do two things. Steadily promote your message and make sure the message offers content that personally resonates with your audience. SecuritySense makes it easy for you to do both.
Compare Our Per Employee Cost
Compare our per employee annual cost with the $8.00 – $20.00 seat licenses you might pay for training platforms. It’s a no-brainer to add SecuritySense to your overall program.