What is a ‘Threat Actor’ and what cyber security risks do they pose to your business?
It seems like every day there is a new cybersecurity threat for businesses, organisations and individuals to worry about. The threat landscape is growing, and there is a lot of confusing terminology that comes with it.
One term we hear and read often is ‘threat actor’. What are they? And what does your business need to know about them? We take a look at what threat actors are, what they mean for your business, and how you can improve your security posture against them…
What is a threat actor?
The National Institute of Standards and Technology (NIST) defines a threat actor as:
‘An individual or group posing a threat’.
A threat actor is any person or organisation that carries out an action to exploit weaknesses and vulnerabilities in networks, computers or systems, in order to cause disruption to businesses or individuals. In most cases this is intentional, targeted and malicious, but it can also be unintentional and accidental.
Types of threat actor
There are five broad categories of threat actor to be aware of:
- Cybercriminals
- Insider threats
- Nation states
- Hacktivists
- Hobbyists
1. Cybercriminals
Cybercriminals are the most common type of threat actor, and most businesses are aware of the threat they pose. They are often financially motivated, and the types of attack they carry out are generally designed with money as the end-goal. Sometimes this will see them launching a ransomware attack to steal an organisation’s valuable data and hold it hostage until a payout has been made. It can also include phishing emails to individual users, attempting to persuade them to hand over their passwords and/or financial information, or malware designed to skim customer credit card details during online purchases.
2. Insider threats
Insider threats aren’t always malicious actors, but they are always someone who is inside the business’s IT systems who disrupts or compromises them in some way. This might be through the accidental deletion or sharing of critical data, falling prey to a phishing or malware attack, or the unintentional sharing of company credentials.
Insider threats can also be malicious: for example, where an employee, third-party contractor or partner steals data or disrupts processes from inside the network, or intentionally damages the business’s cybersecurity measures in order to gain access to systems from the outside at a later time.
3. Nation states
This type of threat actor is a country that targets organisations and institutions in other countries. Their aim is to disrupt, impede or damage key functions or economies; steal government secrets; and/or commit acts of espionage. This type of threat used to only be a concern for government, military and security services, but increasingly businesses need to consider this too.
4. Hacktivists
This type of threat actor is motivated by ideology, and targets businesses and organisations that it feels contravene these ideals. This might involve stealing an organisation’s data and publishing it online in order to expose their ‘misdeeds’, or it could see the hacktivists taking over a business’s website, social media or communication channels to push out political messages.
5. Hobbyists
Sometimes, people will launch a cyber-attack just to prove that they can. A hobbyist is someone who enjoys hacking and will attack a business’s secure networks with the sole aim of practising their skills. These attacks are generally not targeted, personal, political or financially motivated, but they can still be disruptive and harmful for businesses, and costly to recover from.
Does my business need to worry about threat actors?
In the main, businesses are more focussed on potential attacks from cybercriminals and insider threats. Unless your business holds data that could impact national security or is otherwise politically sensitive, you’re unlikely to be targeted by nation states, hacktivists or hobbyists. Cybercriminals and insider threats, however, are a concern for all businesses.
Cybercriminal attacks are constantly increasing in frequency and sophistication. Larger businesses are targeted because the potential financial rewards are greater for criminals, and smaller businesses are targeted because the types of cyber security measures in place are often far less stringent.
Insider threats are a cause for concern for businesses simply because human error is common. All it takes is for an otherwise trustworthy employee to log into your network from an unsecured personal device, and your business systems are threatened. Accidental deletion, unsecured home networks, lost USB sticks or laptops… the ‘insider threat’ actor is an all-too-human one.
How can I protect my business against threat actors?
Complete protection against all types of threat actor is unrealistic, but all businesses can aim to improve their security posture to mitigate the majority of threats, the majority of the time. A few small but important steps businesses can take to make themselves a more difficult target include:
- Using a robust firewall
- Installing anti-virus software on all devices in the network
- Using automated threat detection and content filtering tools
- Ensuring all software, applications and systems are patched and up to date
- Enforcing the use of multi-factor authentication across all accounts
- Educating teams about the various types of threat, and keeping them updated on any known phishing scams
- Ensuring everyone is using strong passwords across all accounts, and changing them regularly
Manage your security posture with M247
Working with a specialist technology service provider can be the most cost-efficient and effective way of protecting your business against the broadest range of threat actors. This gives your business access to a dedicated team of security experts across all attack vectors.
M247 offer solutions including anti-virus protection, content filtering and managed firewalls to protect against cybercriminals, and data management and backup solutions to mitigate the risks posed by insider threats, as well as solutions to help with cyber security response and recovery.
For more information about how we can help improve, or even manage, your business’s security posture, get in touch today.