Browse Definitions :
Definition

threat actor

Contributor(s): Ivy Wigmore

A threat actor, also called a malicious actor or bad actor, is an entity that is partially or wholly responsible for an incident that impacts – or has the potential to impact -- an organization's security. 

In threat intelligence, actors are generally categorized as external, internal or partner.  With external threat actors, no trust or privilege previously exists, while with internal or partner actors, some level of trust or privilege has previously existed. The actor may be an individual or an organization; the incident could be intentional or accidental and its purpose malicious or benign. 

External actors are the primary concern of threat intelligence services not only because they are the most common, but also because they tend to be the most severe in terms of negative impact. Such threat actors are sometimes categorized as either being commodity or advanced. A commodity threat actor launches a broad-based attack hoping to hit as many targets as possible, while an advanced threat actor targets an organization, often seeking to implement an advanced persistent threat (APT) in order to gain network access and remain undetected for a long time, stealing data at will.

Another type of external threat actor is the hacktivist. Hacktivist groups such as Anonymous use many of the same tools employed by financially-motivated cybercriminals to detect website vulnerabilities and gain unauthorized access or carry out distributed denial-of-service (DDoS) attacks. The motivation of most hacktivists is to gain access to sensitive information that will negatively impact the reputation of an individual, a brand, a company or a government.

Learn more about commodity vs. advanced threat actors:

This was last updated in January 2016

Continue Reading About threat actor

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

FINGER LICKIN GOOD
Cancel

SearchCompliance

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

  • PCI DSS (Payment Card Industry Data Security Standard)

    The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to ...

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

SearchSecurity

SearchHealthIT

SearchDisasterRecovery

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

  • cloud disaster recovery (cloud DR)

    Cloud disaster recovery (cloud DR) is a combination of strategies and services intended to back up data, applications and other ...

SearchStorage

Close