Browse Definitions :
Definition

threat actor

Contributor(s): Ivy Wigmore

A threat actor, also called a malicious actor, is an entity that is partially or wholly responsible for an incident that impacts – or has the potential to impact -- an organization's security. 

In threat intelligence, actors are generally categorized as external, internal or partner.  With external threat actors, no trust or privilege previously exists, while with internal or partner actors, some level of trust or privilege has previously existed. The actor may be an individual or an organization; the incident could be intentional or accidental and its purpose malicious or benign. 

External actors are the primary concern of threat intelligence services not only because they are the most common, but also because they tend to be the most severe in terms of negative impact. Such threat actors are sometimes categorized as either being commodity or advanced. A commodity threat actor launches a broad-based attack hoping to hit as many targets as possible, while an advanced threat actor targets an organization, often seeking to implement an advanced persistent threat (APT) in order to gain network access and remain undetected for a long time, stealing data at will.

Another type of external threat actor is the hacktivist. Hacktivist groups such as Anonymous use many of the same tools employed by financially-motivated cybercriminals to detect website vulnerabilities and gain unauthorized access or carry out distributed denial-of-service (DDoS) attacks. The motivation of most hacktivists is to gain access to sensitive information that will negatively impact the reputation of an individual, a brand, a company or a government.

Learn more about commodity vs. advanced threat actors:

This was last updated in January 2016

Continue Reading About threat actor

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

FINGER LICKIN GOOD
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

  • compliance as a service (CaaS)

    Compliance as a Service (CaaS) is a cloud service service level agreement (SLA) that specified how a managed service provider (...

  • data protection impact assessment (DPIA)

    A data protection impact assessment (DPIA) is a process designed to help organizations determine how data processing systems, ...

SearchSecurity

  • cybersecurity insurance (cybersecurity liability insurance)

    Cybersecurity insurance, also called cyber liability insurance or cyber insurance, is a contract that an entity can purchase to ...

  • phishing

    Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication ...

  • cybercrime

    Cybercrime is any criminal activity that involves a computer, networked device or a network.

SearchHealthIT

SearchDisasterRecovery

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • disaster recovery team

    A disaster recovery team is a group of individuals focused on planning, implementing, maintaining, auditing and testing an ...

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

SearchStorage

  • NVMe over Fabrics (NVMe-oF)

    NVMe over Fabrics, also known as NVMe-oF and non-volatile memory express over fabrics, is a protocol specification designed to ...

  • logical unit number (LUN)

    A logical unit number (LUN) is a unique identifier for designating an individual or collection of physical or virtual storage ...

  • CIFS (Common Internet File System)

    CIFS (Common Internet File System) is a protocol that gained popularity around the year 2000, as vendors worked to establish an ...

Close