Cybersecurity
Threat Actor
Definition
A threat actor, or malicious actor, is a person or entity responsible for an event or incident that has an impact on the safety or security of another entity. They can be categorized by their motivations, resources, and skill levels.
Why It Matters
Understanding the different types of threat actors helps organizations to model the threats they face. The defenses needed against a nation-state actor are very different from those needed against a casual "script kiddie."
Contextual Example
Common types of threat actors include: Nation-States (highly sophisticated, well-funded groups working for a government), Cybercriminals (financially motivated), Hacktivists (politically or ideologically motivated), and Insiders (employees or others with legitimate access).
Common Misunderstandings
- The term is more specific than "hacker," as it focuses on the intent and context of the activity.
- Threat intelligence is focused on understanding the TTPs (Tactics, Techniques, and Procedures) of different threat actors.