discussion amp responses threats and vulnerabilities
Describe types of threat actors and the types of crimes that they might commit against your home and place of employment (if you are employed). What are some potential vulnerabilities if a threat actor obtained one of your friendsâ€™ critical information? What could the threat actor exploit and are there multiple vulnerabilities that, when combined, would attract more attention than others? (Do not submit your friendâ€™s personal information.)
In response to your classmates, identify potential actors and crimes that they may have missed.
Risk Analysis and Security Countermeasure Selection, Chapters 6, 7, and 8
To acess textbook
Peer post 1
There are five types of threat actors explained in the textbook. First, terrorists, this group is split into five sections based on what their motivation is. The second threat actor is, economic criminals. This category would include those Nigerian Prince emails and scams for money internationally. Third, nonterrorist violent criminals. This category is something we see most on the news. Sexual assault, muggings, and civil disorder. Fourth, subversives, this category refers to hackers, dedicated activist groups, and invasion of privacy. Finally, petty criminals are one of the most common threat actors. Criminals such as vandals, pickpockets, and disturbance causers fall into this category. (Norman, 2016)
Potential threats if a friends’ information was stolen include, burglary, identity theft, and hacking. A friend of mine is currently pregnant, with a toddler. This could be a vulnerability because she may not have a quick response time to someone stealing her purse. Being alone is also a vulnerability and makes it easier to be targeted. Yes, combining multiple vulnerabilities draws more attention. If she were to be walking alone, through an empty parking lot, at night, while pregnant she would have many vulnerabilities which combined make an easier target for threat actors.
Norman, CPP, T. L., PSP, CSC. (2016). Risk Analysis and Security Countermeasure Selection, Second Edition. [MBS Direct]. Retrieved from https://mbsdirect.vitalsource.com/#/books/9781482244205/
Peer post 2
Organizations and individual homes are exposed to threat actors despite having several cybersecurity measures. These threat actors majorly fall into four categories. Each category has actors who have their ideal tactics and procedures that facilitate the initiation of malicious activities (Lemay et al., 2018). The first group of threat actors is government-sponsored attackers; this group is difficult to identify and they are majorly motivated by economic or political agendas. They are interested in finding information that can be used for exploitation. The second group of threat actors is cybercriminals; they commit data breaches at home and in organizations to get ransoms. Hacktivist is a group that undermines organization operations by distributing propaganda through high profile attacks (Lemay et al., 2018). Insider threat actors are actually individuals that we have a close connection with at home or in our workplaces.These individuals have direct access to sensitive information and they can use them for selfish reasons.
Leaving sensitive information insecure in certain electronic devices such as mobile phones can lead to leakage. Threat actors can obtain such vulnerable information and use it to harm people or organizations. Unintentional release of critical data not only affects the life of an organization but also the lives of the employees and the customers who are in the databases. Normally, such cases may need immediate legal action. A security breach in homes and organizations prompt the threat actors to compromise the multiple networks that are linked with the two. Normally, threat actors exploit organizations by threatening them that they would share their sensitive information to the other parties (Lemay et al., 2018). To prevent information sharing, they normally ask for a huge ransom. They may threaten nonstate actors by exploiting their critical infrastructures which are vulnerable. In cases where there are more vulnerabilities, organizations short circuit the threat information by providing invaluable data that can remedy the situation.
Lemay, A., Calvet, J., Menet, F., & Fernandez, J. M. (2018). Survey of publicly available reports on advanced persistent threat actors. Computers & Security, 72, 26-59.