Types of attackers
As the world embraces more digital and hyperconnected components, opportunities and paths become more numerous for attackers to gain access to our most sensitive information. Data breaches have become commonplace, from banking to retail, healthcare to entertainment, and even government. No sector is immune.
The cyber black markets offers the computer-hacker tools and services to carry out cyber crime attacks and sell the stolen data: credit cards, personal data, and intellectual property.
Attackers, or ‘cyber threat actors’, can be grouped by their set of goals, motivation, and capabilities. Based on the motivation, these threat actors can be described as cyber terrorists, hacktivists, state-sponsored actors, and cyber criminals. The table below indicates the motivation of the dynamically changing attack profiles:
Click image to enlarge
The videos below demonstrate two different types of attackers: firstly Charlton Floate could be identified as a ‘recreational’ hacker, gaining unlawful entry to an organisation or government system ‘for fun’. The second example, the attack on the UK National Health Service (NHS) in 2017, was rumoured to be the work of a state-sponsored attack.
This is an additional video, hosted on YouTube.
- Attack type: recreational hacking (BBC News)
This is an additional video, hosted on YouTube.
- Attack type: state-sponsored hacking (BBC News)
The key principle with digital security is understanding what information you are holding, how you use the digital infrastructure to work with this information and therefore what types of attacks are most likely to be a concern.
For example, a competitor may wish to hack your systems to see what new products you are developing. This aligns with hacking government departments in terms of one country trying to find out what another country is doing. Or there is the opportunist trying to make some money by exploiting a weakness – theft of information to sell or ransom. There are many other reasons, but you need to consider not only the information you hold and who would be interested in it but also what happens if an internal person (eg member of staff) decides to leak information or ransom it?
The disgruntled employee can be a real threat as they already have system access.
Reach your personal and professional goals
Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.
Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.
