Understanding Threat Actors (Domain 2)
Cyber threats come in many forms, and to defend effectively, you must understand the adversaries behind the attacks. This episode explores common categories of threat actors, including nation-state groups, cybercriminal organizations, hacktivists, insiders, and unskilled attackers (often called script kiddies). Each actor type operates with different motivations, levels of funding, technical capabilities, and risk tolerances, which shape their behavior and targeting strategies. Nation-state actors may prioritize espionage and infrastructure disruption, while organized crime is often financially motivated, targeting data for ransom or resale. Insiders pose a unique threat due to their legitimate access, whether acting maliciously or negligently, and hacktivists typically pursue ideological or political objectives, using disruption to make a statement. By profiling these actors and understanding what drives them, defenders can better anticipate attacks, prioritize vulnerabilities, and build threat models that reflect real-world risk. This foundational knowledge helps cybersecurity professionals move beyond generic defenses toward targeted, threat-informed strategies.
