Attacker

Cyber security risks are driven by a number of attacker profiles and objectives:

  1. States, where a government’s cyber weaponry is used to advantage its own citizens and/or disadvantage citizens of foreign countries.

    • Note, state actors may buddy up with ‘hacktivists’ (online activists) or organised criminals. This may occur officially, where much of private enterprise is owned or influenced by government. Unofficially, this may occur where government employees moonlight with hacktivists, terrorists or organised criminal gangs leveraging state knowledge and infrastructure and to aid with deniability.

Cyber Security Risk-Threat.jpg

  1. Organised criminals, who may be primarily after money and achieve their objective by, for example, stealing information to sell on the black market and ‘kidnapping’ information for ransom. They may also be after personal information, identities and computing resources (botnets), which can be used directly or as part of targeted attacks on other high value individuals and businesses.

  1. Hacktivists, who are activists with cyber capability that purport to be doing a social good by harming your company in retaliation for some perceived wrongdoing to society. They may do anything from corrupt information or disrupt productivity through to destroying information (destructive payload).

  1. Terrorists who are active in the cyber domain and increasingly following physical attacks with waves of cyber attacks. They also recruit, communicate and influence using social media.

  1. Businesses and industry who may also engage in activities like espionage, even targeting smaller business. Their objective is likely commercial gain through stealing information such intellectual property, research and development, pricing, mergers and acquisitions information. The objective may also be to also disrupt productivity and impact reputation.

  1. Individuals, such as disgruntled and former employees, can represent an ‘insider threat’ to the organisation. There are also those individuals that may not be overtly malicious such as an employee who makes an error or a ‘Script kiddy’ has just learned a new – freely available, with help guides – method or tool for hacking. The outcome, however, for you and your business may be just as painful!

While not the whole story, attacks are often initiated by delivering malware through things like external media, phishing, and driveby attacks. The ‘gotcha’ is that these methods can bypass traditional protections, including antivirus, firewalls, VPN’s, encryption, strong passwords, and so on.

Once the actor initiates the attack they may have, or be able to gain, sufficient access to do and see on that machine or device what you can do and see, including on other systems to which you have access, in order to achieve their wider objectives (see blended threats).

There are ways, however, the ‘gotcha’ risk can be managed. The good news is, while technology is important, much of they way we can address the problem is based on behaviour and good governance. These good practices are summed up for you along with checklists at the end of the Gotcha! book.

 

Leave a Reply

Your email address will not be published. Required fields are marked *