In cybersecurity, a threat actor may be a person, organisation, or government partially or wholly responsible for a malicious act that impacts – or has the potential to impact – an organisation’s security. A threat actor is also often referred to as a malicious or ‘bad’ actor.
While the term itself is broad, the threat actor’s intent is always the same: to cause some type of harm, in some way, to another.
There are various types of threat actors:
Cyber Terrorists are a modern mutation of a widespread global problem that has plagued most countries for decades. They are usually focused on disrupting critical services and causing harm.
Government or state-sponsored threat actors are funded, directed, or sponsored by nations or states and have been known to steal and exfiltrate intellectual property, sensitive information, and even funds to further their nation’s espionage causes. They are also known to interfere in political processes and elections.
Crime is everywhere, and the internet is no different. Organised crime/criminals who want to steal sensitive data, money, and personal information are after financial gain, so the data they take tends to show up on the black market or is sold to the highest bidder. These threat actors are also known to use ransomware to extort business owners directly.
Hacktivists focus on bringing awareness. For example, almost all the information leaked by WikiLeaks was a result of hacktivists who wanted to expose the truth. They’re usually motivated by ideological activism.
Insiders are another type of infiltrator. Some threat actors can go as far as infiltrating your workforce themselves or turning an insider towards their cause or goal. Insiders are a particularly nasty threat to any organisation’s cybersecurity because of the amount of access they have when working from within.
Some attackers aren’t skilled/advanced enough to design penetration tools on their own. Script Kiddies use tools developed by other attackers to penetrate a network or system.
Not all threat actors are malicious, but the damage they do cause can be quite extensive. Even simple user errors can end in catastrophe because of the elevated permissions users hold within an organisation’s systems and networks.