Attributes and Capabilities of Threat Actors (Domain 2)
To effectively model risk and defend systems, cybersecurity professionals must understand not just who the attackers are, but what they are capable of. In this episode, we analyze the key attributes that define threat actors: whether they are internal or external, well-funded or opportunistic, highly skilled or reliant on publicly available tools. These characteristics determine the methods and scale of potential attacks, with well-resourced actors—like nation-states or cybercriminal syndicates—often using zero-days, social engineering campaigns, or persistent footholds to quietly exploit systems over time. In contrast, less sophisticated actors may rely on known exploits, automated scanning tools, or credential stuffing attacks with stolen passwords from previous breaches. We also explore how motivation, sophistication, and intent influence targeting decisions and defense priorities. By understanding an actor’s attributes, defenders can more accurately prioritize defenses, reduce noise, and prepare for the level of threat they are most likely to face in their industry or region.
