Threat Actors in Cybersecurity

Sep 17, 2025

Overview

This lecture covers different types of threat actors in cybersecurity, their characteristics, and motivations for attacks, helping to identify and defend against various security threats.

Threat Actor Basics

  • A threat actor is the person, group, or organization responsible for a security incident that negatively affects others.
  • Identifying the threat actor helps establish the likely motivation, the techniques to expect, and which defenses matter most.
  • Threat actors can be internal (inside the organization, with some level of legitimate access) or external (outside the organization, with no legitimate access).
  • Threat actors also differ in resources/funding (money, tooling, people), level of sophistication and capability, and motivation.

Major Types of Threat Actors

Nation State

  • Nation state threat actors work for, or on behalf of, governments or government agencies.
  • Motivations include espionage and data exfiltration, political goals, and disruption or sabotage of critical infrastructure.
  • They have vast resources and high sophistication; their long-running, covert campaigns are what the term Advanced Persistent Threat (APT) describes.
  • Example: Stuxnet, the 2010 worm that sabotaged Iranian uranium-enrichment centrifuges and is widely attributed to the US and Israel.

Unskilled Attackers

  • These attackers run scripts or tools written by others without understanding how they work ("script kiddies").
  • Motivated by disruption, data theft, or personal reasons such as bragging rights.
  • Typically have few resources and low sophistication; usually external, but can be internal.

Hacktivists

  • Hacktivists (hacker activists) are motivated by political, social, or philosophical causes rather than profit.
  • Common tactics are denial of service, website defacement, and leaking private documents or personal information.
  • Usually external, with widely variable skill levels and limited financial resources.

Insider Threats

  • Insider threats are employees, contractors, or partners who abuse the access they already hold.
  • Motivated by revenge, financial gain, or personal grievances.
  • Have good knowledge of internal systems and where valuable data lives; moderate sophistication, but perimeter controls do not stop them because they are already inside.

Organized Crime

  • Organized crime groups are motivated by profit, typically through data theft and resale, ransomware and extortion, or fraud.
  • Operate like businesses, with defined roles and processes (e.g., developers, operators, money launderers), and have significant resources and sophistication.
  • Normally external to the organization.

Shadow IT

  • Shadow IT refers to internal groups or departments that bypass official IT policies and procurement to get their work done.
  • These groups stand up their own infrastructure, cloud services, and applications, often without IT's knowledge.
  • Typically lack IT and security expertise, so these systems are not patched, monitored, or backed up like sanctioned ones, and can inadvertently expose the organization to risk.

Key Terms & Definitions

  • Threat Actor — the person, group, or organization responsible for causing a security incident.
  • Advanced Persistent Threat (APT) — a prolonged, well-resourced intrusion that maintains covert access over time, typically attributed to a nation state.
  • Hacktivist — a hacker driven by political or social motives.
  • Insider Threat — someone within an organization abusing their legitimate access for malicious purposes.
  • Shadow IT — IT systems, services, or applications created or used within an organization without the approval or knowledge of the IT department.

Action Items / Next Steps

  • Review the characteristics (internal/external, resources, sophistication) and motivations of each threat actor type.
  • Consider how your organization would defend against each category, since the controls differ: perimeter defenses for external actors, access control and monitoring for insiders, and asset inventory for shadow IT.