Cybersecurity Insurance – Part 5: Cybersecurity Threat Actors and Tools That Companies Should Understand

October 20, 2015

Data privacyIn order to obtain an appropriate cybersecurity insurance policy, companies need to be aware of the actors who pose a threat to companies’ cyber capabilities as well as the tools and vectors by which these actors can effectuate cyber-attacks.

Potential threat actors include a wide variety of characters such as state actors, hacktivists, cyber terrorists and cyber criminals. One of the many difficulties with this type of threat, however, is determining who is responsible for any given attack. Some investigations into cyber-attacks have gone on for years with little progress made on attribution. The consequences of this can be dangerous if investigators jump to conclusions, as attacks perpetrated by independent actors can be disguised so that they appear to have been perpetrated by state actors or vice versa.

West LegalEdCenter CLE WebinarEmployees can also be threat actors in the form of negligent or rogue employees. Negligent employees are one of the top causes of data breaches. Relatively simple mistakes such as sending out incorrect data, losing or inappropriately using hardware, or becoming a victim of phishing have resulted in major cybersecurity breaches. Rogue employees can also be dangerous threat actors as they are often in a position to easily steal data and hardware, commit extortion or sell data to a third party.

The tools threat actors use are diverse and not necessarily limited to cyberspace. Prominent among them are the many varieties of malware that exist and continue to be developed. The Following are some common types of malware to be aware of:

  • Spyware – software with spying capabilities such as user activity monitoring, collecting keystrokes and data harvesting
  • Ransomware – software that lures its victim to a web site and then locks the user’s computer until user makes a payment
  • Trojan horses – malware that disguises itself as a normal file or program to trick users into downloading and installing malware, often allowing remote access to the infected computer
  • Worms –a type of virus with the ability to self-replicate and spread independently that typically causes harm to host networks by consuming bandwidth and overloading web servers

Another common method of cyber-breach is pin skimming, in which a counterfeit card reader placed over an ATM’s card slot is used to steal personal information stored on debit card that are swiped. Breaches can also take place by less technological means through social engineering (also referred to as phishing, whaling, pretexting, or bating). With these methods, threat actors manipulate individuals with access to a targeted system into performing actions or divulging confidential information. For example, fraudsters will often attempt to get sensitive information, such as pin codes or account numbers, from their targets by using e-mails, IMs, comments, or text messages that appear to come from a legitimate, popular company, bank, school, or institution.

Threat vectors are the paths used by the threat actor to infiltrate companies’ data systems. They include supply chain vulnerabilities, wireless access points, and removable media. Email remains a major threat vector as well. A recent study found that 61 percent of energy firms view email as the biggest threat vector for cyber-attacks via malware. The scope and quantity of threat vectors is only increasing as more and more companies are instituting Bring Your Own Device (BYOD) policies in which employees can access company data via mobile devices. It is crucial to exercise caution in implementing BYOD policies and it is recommended that such policies require employees to install malware detection software on their mobile devices.

Understanding how threat actors can penetrate a company’s information security system is crucial to assessing where a company’s cyber vulnerabilities lie and obtaining the appropriate cybersecurity coverage.

Titles by Daniel Garrie