Field Guide to Cyber Threats: Watch Out for These 7 Beasts

January 15, 2019  Rebecca Merritt

Hacktivists, insiders with a grudge, nation-state actors: It’s a cyber-threatening jungle out there. But take a deep breath: By applying the FAIR model (that’s Factor Analysis of Information Risk), you can get a clear picture of what’s truly a cyber threat to your business, and start to plan a rational defense.

There are a few terms we need to cover prior to diving into what a threat is.

  1. Threat Agent: Any agent (e.g., object, substance, human, etc.) that can act against an asset in a manner that can result in harm.
  2. Threat Capability (TCap): The probable level of force that a threat agent can apply against an asset.

These are both terms from the FAIR model which define threat as multiple actors with multiple threat capabilities. In the field of risk analysis, it’s easy to overgeneralize and assume that everyone in the world is a threat to your company’s data. Practically speaking, however, it is more useful to define a threat in terms of probability, as opposed to just possibility.

When you attempt to make comparisons, or analyze the risk associated with any actor, you may find it helpful to break them down into a few different categories, based on the threat profile. Using profiles to group potential threats based on common sets of characteristics helps to identify your own most probable cyber security threats.

According to the Risk Analysis (O-RA) Standard  [RM1] , you should consider the following characteristics to categorize a threat:

  • Motive
  • Objective
  • Access Method
  • Personal Risk Tolerance
  • Desired Visibility
  • Sponsorship
  • Skill Rating
  • Resources

Let’s break down the threat population and look at common characteristics of each group:

Cyber Criminals

Motive: Money, Cash, Moolah

Cyber criminals generally turn breaching your system into their day job. They can be highly experienced and often use resources such as the ‘Dark Web’ to sell and exploit company data. Typically, they try to obtain the most confidential information and do so using various methods (i.e. phishing, DDoS attacks, social engineering, etc.).

General Hackers

Motive: Practice their amateur skills

General hackers can take on many different personas: One may be a teenage kid learning how to break passwords on YouTube, and yet another may be a much less experienced hobbyist attempting to get into an organization’s system. These individuals tend to have a very low ‘threat capability’ so they usually are not actors of concern.

Privileged Insiders

Motive: Malicious intent or error

Typically, these actors include individuals with access to code in the system, write access in systems or those that can add users. Harmful actions by privileged insiders may occur by accident (human error) or intentionally (maliciously). They have direct access to large amounts of confidential information and can be quite harmful if they choose to attack the systems. If a privileged insider causes harm, typically the damage is not detrimental and can be remediated quickly.

Non-Privileged Insiders

Motive: Malicious intent

These actors intend to cause harm to the company’s assets – think of a disgruntled employee. They generally do not have any sort of critical access to the asset, so they must break through resistive controls to cause harm.


Motive: Ideological reasons

Hacker + Activists = Hacktivists. Hacktivists will attack your systems because they are motived by social or political causes. Their skills vary widely, from beginners with base level knowledge to extremely experienced hackers. They typically do not have the resources that those in other categories do, however, so their ‘threat capability’ is not as high.

Nation States

Motive: For a good cause. Or orders from above.

Nation state actors believe they are attacking an organization for the betterment of the world or the glory of their country—or are cynically carrying out commands from a national intelligence or military agencies. These hackers usually have a very high skill level. They often have significant resources as well, and so can be very concerning for businesses that end up on their hit list.

Mother Nature

Motive: n/a

We all know who she is. Mother Nature presents as a different sort of attack for IT systems depending on where you’re located. It could be an earthquake in California or a tornado in Kansas. Watch out for her, because when she hits, things can get nasty.