What are the different types of Cyber Actors and how can you protect against them?
Although the term Cyber Criminal gets thrown around a lot, most people don’t realise that a Cyber Criminal is only one heading in a much larger category of individuals and groups known as Cyber Actors.
Cyber Actors can be either individuals or part of a much larger group, and are normally characterised by the desire to damage a person’s or organisation’s computers, devices, systems or networks (in short, not very nice people)!
The broader term Cyber Actor can be used to stand for them all, or is often broken down into five distinct groups, with the categories defined by their motivations rather than the tactics or tools they use.
Fortunately, that means strong Cyber Security protocols usually work the same against them all.
The first, and most common, term used is Cyber Criminal.
No doubt you’ll have come across this before, and may even have fallen victim to one of their scams.
They tend to be motivated by profit and greed, and all Cyber Security experts agree they pose a very real and present danger to users everywhere.
Common tactics employed by Cyber Criminals involve selling illegally obtained data, disrupting systems and holding them for ransom (known as Denial of Service or DoS attacks), and other nefarious scams involving phishing for data, such as social engineering, business email compromise (BEC), botnets, brute force password attacks, exploit kits, malware, ransomware and, unfortunately, a lot, lot more.
A Malicious Insider is at once the easiest and hardest of the categories to protect your organisation against.
They tend to be disgruntled (or just malicious) ex-employees, contractors, agencies or anyone else who may have had access to your systems, networks or data.
A Malicious Insider is best defined as someone who intentionally misuses or exceeds the access you’ve granted them, either for personal profit or in an attempt to hurt your organisation.
It should be pointed out that there is a clear difference between a ‘Malicious Insider’, acting in the full knowledge of what they’re doing, and an ‘Unwitting Insider’ accidentally clicking on a link in a dodgy email.
Steps to combat Malicious Insiders usually involve governance that instantly revokes the credentials of anyone whose business with your organisation is done, as well as changing any joint passwords they may have had access to (although preferably your organisation wouldn’t have any joint passwords in the first place).
The vast majority of people need not worry about Nation State Actors as you’re unlikely to ever come to their attention, although in recent years you may have read in the news about Nation State Actors on social media trying to influence foreign elections and the like.
However, depending on the size of your organisation or its prominence within a geographic/political territory, you may wish to make specific Cyber Security plans against Nation State Actors, as they can be very well funded, with a lot of resources at their disposal.
A Nation State Actor can be most easily recognised by their targeting of public and private sector networks in an attempt to compromise, steal, change or otherwise destroy data (espionage in other words) and by being motivated by political, economic or military ideologies.
They can be either a direct department of a nation state or just receive covert funding, direction or technical advice from one.
Some Cyber Security experts still use the term Nation State Actor interchangeably with Advanced Persistent Threats (APTs), but APT tends to refer to a specific type of activity, which can be conducted by a variety of different Cyber Actors, as it’s normally defined as someone who’s gained long-term access to your system or network.
Hacktivists are individuals or groups that tend to have a lot of self-taught cyber skills behind them and can be best defined as ideologically motivated Cyber Criminals.
Rather than acting out of a desire for personal gain, though, they act from political, social or ideological motivation, targeting individuals or organisations whom they feel deserve their wrath.
Common methods used by Hacktivists include Denial of Service attacks, doxing (the practice of researching and then publicly broadcasting private or identifying information about an individual or organisation) and website defacements.
If your organisation works in a sector that inspires a lot of extreme feelings, on either side of the fence, then it’s well worth considering Hacktivist attacks in your Cyber Security strategies.
The final category of Cyber Actors is Cyber Terrorists.
Sometimes confused with Hacktivists, in reality a Cyber Terrorist is just another word for a terrorist. Whilst cyber attacks by terrorist organisations are becoming more common, their primary motivation online currently remains the dissemination of their ideologies and goals as well as the recruitment of new members.
The talent, knowledge, abilities and resources of the various different types of Cyber Actors can vary wildly, as can their motivations for targeting your organisation.
As part of your Cyber Security strategy you need to consider what you do, why you do it and what kind of Cyber Actor that may encourage to attack your organisation.
From there you can take steps to protect your systems, networks and sensitive data.
If your primary goal is profit-led, it stands to reason you’re more likely to attract the attention of a Cyber Criminal.
If you’re a Non-Profit organisation, you may attract more Hacktivist attacks.
All these things need to be considered when putting (or updating) your Cyber Security Protocols in place.
Fortunately, the tools and techniques used to stop one type of Cyber Actor will also work on all the other types.
If you’re not sure, though, or feel you need more expert advice, cloudThing will be happy to help…