What is a threat actor?
by Kapua Iao
The term threat actor refers to a person, organization, or government intent on carrying out a malicious act. Analogous terms include malicious actor and cyber threat actor (CTA) when referencing cybersecurity issues.
While the term itself is broad, the threat actor’s intent is always the same: to cause some type of harm, in some way, to another.
Unfortunately, such threats thrive within the cyber environment as exemplified by the rise in ransomware attacks this year.
For covered entities and their business associates, the most effective way to safeguard protected health information (PHI) is by understanding and stopping threat actors before they cause irreparable damage.
Types of threat actors
A cyber threat is any circumstance or event with the potential to adversely impact an organization’s operations. Threat actors are the people or groups that create or take advantage of such circumstances or events to perform a malicious act.
As such, a threat actor exploits a cyber vulnerability to steal, encrypt, sabotage, gain notoriety, make money, and so forth. It can even be for several reasons at once. Generally, threat actors are categorized by their motives (what do they gain?) and sophistication (what resources can they access?):
| Threat actor | Motivation | Sophistication level |
|---|---|---|
| Cybercriminal | Profit | Medium to high |
| Hacktivist | Ideological | Medium to high |
| Terrorist group | Ideological violence | Low to high |
| Thrill seeker | Satisfaction | Low to high |
| Insider threat | Discontent | Typically low |
Some also sort threat actors as intentional or unintentional and external or internal.
An unintentional, internal threat actor would be an employee who inadvertently causes a security issue through human error. For example, they could unknowingly fall victim to an email phishing attack, creating an access point (or threat vector) for unauthorized entry.
The opposite, an intentional and external threat actor, could be an advanced persistent threat (APT), typically a nation-state or an advanced cybercriminal group. A 2021 independent academic research study found a 100% rise in “significant” nation-state incidents between 2017 and 2020.
For the Center for Internet Security, motivations and sophistication can also determine who a CTA attacks and why.
Threat actors and healthcare
As research shows, healthcare is a prime target for every type of threat actor. This boils down to the industry’s wealth of sensitive data (i.e., PHI) and the generally careless state of cybersecurity.
And this encourages every type of threat actor, whether sophisticated or not, to attack healthcare organizations. Last year alone saw a 600% increase in malicious emails due to COVID-19.
Protection through better cyber hygiene
A threat model is a method that determines the threats that could undermine an individual or an organization. And a HIPAA risk assessment delineates the most effective and appropriate safeguards to protect PHI.
With the results of both, an organization can then create a cybersecurity program that mitigates the most pertinent threats. Generally, this means a layered approach that includes:
- Up-to-date and consistent policies and procedures
- Continuous employee awareness training
- Strong technical and physical access controls
- Offline backups
- Patched and updated systems and devices
And especially, solid inbound/outbound email protection (i.e., HIPAA compliant email).
The need for email security—Paubox Email Suite Plus
Paubox provides seamless and safe email security for better, more secure email communication, especially because email is the number one threat vector into any system.
Paubox Email Suite Plus is HITRUST CSF certified security software that protects all email systems from inbound and outbound email threats. All outbound emails are encrypted directly from your existing email platform (such as Microsoft 365 and Google Workspace), requiring no change in email behavior. No extra logins, passwords, or portals.
Moreover, our solution reviews incoming emails for potential threats and quarantines anything that raises a red flag. Paubox’s patent-pending Zero Trust Email feature applies the Zero Trust security framework to email, requiring additional proof of legitimacy before delivering any message, while ExecProtect fights against display name spoofing threats.
Strong email security, and a well-rounded cybersecurity program in general, provide the protection needed against threat actors intent on gaining unauthorized access. Avoid such malicious acts before they cause trouble by investing in reliable cybersecurity today.