Cybersecurity Threats and Adversaries: An Exam Preparation Guide

Understanding Cyber Threats and Adversaries

Classifying Threats and Adversaries

To defend effectively against cyber incidents, it is crucial to understand the motive, skill level, and resources of potential threat actors. This means thinking like an attacker in order to anticipate their actions.

  • Internal vs. External Threats: Threats can originate from within an organization (internal) or from outside (external).

    • Internal Threats: These are often considered the most dangerous. They may involve employees, contractors, or anyone with authorized access to the network.

      • Motive: Can range from curiosity to malicious intent (e.g., disgruntled employees).

      • Detection: Suspicious behavior (e.g., consistently working late without clear reason) should be reported to a supervisor, not acted upon personally.

      • Protection: Systems administrators and security personnel work together to lock down systems and to protect employees from unknowingly causing harm (e.g., through lack of training or accidental exposure of data).

      • Mitigation: Policies, procedures, and training are vital components of a security strategy to safeguard against internal threats.

    • External Threats: These originate from outside the organization but can still be highly sophisticated.

      • Example: Edward Snowden was initially an internal contractor but became an external threat by leaking sensitive information. He's often classified as both, highlighting the nuanced nature of threat classification.

  • Sophistication and Capability: Threat actors vary widely in their technical expertise and the resources they can bring to bear.

    • Resources: Money is a significant resource. Greater resources generally translate into higher skill levels and a greater potential for damage.

    • Certification/Experience: Some threat actors may have formal certifications or years of experience, making them professional hackers.

Types of Threat Actors (Hacker