Insider Threat Actor

An insider threat actor is someone who uses their authorized access to an organization's systems or network to cause harm, intentionally or unintentionally. Insider threat actors include current or former employees, contractors, or business associates.

Insider threats can be challenging to detect because the threat actor already has legitimate access to the organization's systems. Some examples of insider threats include:

Malicious insider

Also known as a Turncloak, this actor intentionally abuses their access to steal information for personal or financial gain.

Careless insider

This actor unknowingly exposes the system to outside threats through mistakes like leaving a device exposed.

Collaborator

This actor works with a third party to harm the organization, such as a competitor, nation-state, or criminal network.

Some signs of an insider threat include Logging into the network at odd hours, Accessing information unrelated to their job, Downloading large amounts of data, Copying data to personal devices, and Creating unauthorized accounts.

Unskilled Attacker - Script Kiddie

 Unskilled Attacker

A script kiddie is a novice hacker who uses pre-made scripts or software to launch cyberattacks. They are also known as unskilled attackers. They find and download the tools from the Internet.

Script kiddies are dangerous because they can cause real damage, Be detected faster than experienced hackers, and Have their identities discovered.

Some script kiddies' characteristics include Inexperience, indiscreetness, Recklessness, Impulse, and attention-seeking.

Script kiddie attacks are characterized by the following:

Repeatability

Script kiddies use pre-made attacks that have been used on other companies at different times.

Openness

Script kiddies don't know how to mask attacks, so you probably immediately notice the problem.

Unsophisticated

Script kiddies often can't cover their tracks, so you can quickly identify who they are and where they come from.

Organized Crime - Threat Actor

 Organized Crime

An organized crime threat actor is a group of criminals who use cyberattacks to make a profit. They may use hackers to steal credit card numbers or other information to sell on the black market. Organized crime threat actors often have a corporate structure with different roles, such as someone who hacks, manages exploits, sells data, or handles customer support.

Threat actors are people or groups who intentionally cause harm to digital systems or devices. They exploit network, software, and computer system vulnerabilities to carry out cyberattacks. Some other types of threat actors include:

Insiders

A team member, former team member, partner, or third-party contractor who wants to access an organization's data, systems, or network

Hacktivists

Groups who have a social, political, or ideological reason for their attacks

Cyber terrorists

Actors who may target businesses, governments, or infrastructure to cause economic and physical harm

Advanced persistent threat (APT) actors

Actors who may be aligned with a country's government and use malware to gain access to accounts

Hacktivist - Threat Actor

 Hacktivist

A hacktivist threat actor is a person or group that uses cyberattacks to make a political or social statement. Hacktivists are motivated by a need to publicize an organization's misdeeds or to be part of a political or social movement rather than money.

Hacktivists often target organizations, websites, or systems that they perceive to oppose their beliefs. Their attacks include defacing a website to spread a specific message, exposing sensitive information, disrupting critical infrastructure, and causing DDoS (distributed denial of service) attacks.

Hacktivists are different from ethical or white hat hackers, who work with organizations to test their approach to cybersecurity. Hacktivists also differ from cybercriminals, who are typically motivated by money.

 Sensitive Data

Sensitive data is information that could be harmful or cause adverse consequences if it's disclosed, misused, or accessed without authorization. It's a higher tier of information than personal data and requires more excellent protection.

Here are some examples of sensitive data:

Personal data: Names, email addresses, phone numbers, birth dates, government-issued identification, and digital identifiers

Financial information: Bank account numbers, debit or credit card details, transaction data, and other financial statements

Business-related data: Trade secrets; planning, financial, and accounting information

Governmental data: Restricted, confidential, secret, or top-secret information

Health-related data: Medical history and other health-related information

Other data: Genetic data, biometric data, data concerning a person's sex life or sexual orientation, and trade union membership

Mishandling sensitive data can put organizations at risk of legal liability claims, operational slowdowns, and lost competitive advantage.

Data Sovereinty

 Data Sovereignty

Data sovereignty is the idea that data is subject to the laws and regulations of the country or region where it is collected, stored, and processed. It can also refer to the rights of individuals or groups to control and maintain their data.

Data sovereignty is related to data security, cloud computing, network sovereignty, and technological sovereignty. It can also be closely linked to data localization, which is the practice of storing data within a country or region's physical boundaries.

Data sovereignty is essential for several reasons, including:

Data protection

Data sovereignty allows businesses to protect their data from unauthorized access or breaches.

Business continuity

Data sovereignty ensures businesses can access their data during a disaster or disruption.

Competitive advantage

Data sovereignty can be a competitive advantage for businesses committed to protecting customer data.

Some examples of data sovereignty include:

The EU's General Data Protection Regulation (GDPR)

California's Consumer Privacy Act (CCPA)

Indigenous data sovereignty, which asserts the rights of Native nations and Indigenous Peoples to govern their own data

 Data Custodian

A data custodian is a person or organization responsible for managing and protecting data. They ensure that data is secure and accessible and that it is not altered, destroyed, or used without authorization.

Some of the responsibilities of a data custodian include:

Data security: Managing the security controls and technology around data confidentiality, integrity, and availability

Data access control: Controlling access rights to data

Data governance: Implementing data policies and rules

Data quality management: Ensuring data quality is maintained

Data maintenance: Maintaining the technical environment where data is stored

Data audits: Ensuring changes to data content and controls can be audited

Data recovery: Providing and administering backup and recovery systems

Data custodians are data modelers or ETL (Extract, Transform, Load) developers. They are often responsible for resolving data storage, processing, and usage issues.