Cyber attackers come in different shapes and sizes; different goals, capabilities, risk tolerance etc. As defenders protecting the enterprise, the network or data in our software systems, it’s well worth the effort to understand the different characteristics of those who may attack us. Armed with that knowledge, we can identify which malefactors may be interested in our systems, and equip ourselves for defense.
The matrix below (an excerpt from Securing Systems by Brook Schoenfield) provides a good summary of the current threat agent landscape.
| Threat Agent | Goals | Risk Tolerance | Work Factor | Methods |
|---|---|---|---|---|
| Cybercriminals | Financial | Low | Low to medium | Known Proven |
| Industrial Spies | Information and disruption | Low | High to extreme | Sophisticated and unique |
| Hacktivists | Information, disruption, and media attention | Medium to high | Low to medium | System administration, errors, and social engineering |
| Hackers/ Script Kiddies | Media attention | High | Low | Known Proven |
| Insiders | Information and Financial | Very low | Nil to low | System administration |
| Nation state | Information and disruption | Very low | Extreme | Very sophisticated |
