Proactive Defense: Understanding the 4 Main Threat Actor Types

Introduction

Understanding the four threat actor types is essential to proactive defense and allows an organization to better assign a cyber security budget to fund the right activities. Most threat actors fall within four main groups, each with their own favorite tactics, techniques, and procedures (TTPs).

1. Cyber Criminals

▪ Cyber criminals are interested in money, opting to either use ransomware to extort money from a target, or steal data that can be sold via dark web markets.
▪ A common TTP is phishing campaigns, typically used to deliver malware payloads (often ransomware), with emails that usually include a strong social engineering component.
▪ The best defenses against phishing are email filtering and authentication systems.

2. Hacktivists

▪ Hacktivists are not interested in money and are usually in the business of cyber vandalism, oftentimes having personal motives and favoring website attacks.
▪ DDoS (distributed denial of service) attacks involve taking control of a large number of computers, typically achieved by using malware spam campaigns.
▪ Incident response planning must be accurate to best defend against hacktivists.

3. State-Sponsored Attackers

▪ State-sponsored attackers are not usually interested in money, but in data, which means gaining sustained access to an IT infrastructure.
▪ Their preferred TTP is known as the advanced persistent threat (APT), often working on multiple attack vectors simultaneously.
▪ Building a strong and consistent security program that includes both vulnerability/patch management and threat intelligence is the best defense against state-sponsored attackers.

4. The Insider Threat

▪ Often hard to spot, insider threats can be employees who give away sensitive data to the wrong person, or real user accounts which have been compromised by an external attacker.
▪ Their target is usually information, sometimes aiming to vandalize assets as a form of revenge, or steal proprietary assets for resale on the dark web.
▪ Protecting confidential data and performing security awareness training should be an organization’s primary means of defense.

Takeaway

When building a cyber security capability, the best defense is to take proactive steps to stay ahead of attackers. Develop detailed knowledge not only of your adversaries, but also of the latest and greatest threat actor TTPs. With this information, you can constantly improve your security mechanisms, and search for new ways to identify, track, and repel attacks.