by Kapua Iao

What is a threat actor?

The term threat actor refers to a person, organization, or government intent on carrying out a malicious act. Analogous terms include malicious actor and cyber threat actor (CTA) when referencing cybersecurity issues.

While the term itself is broad, the threat actor’s intent is always the same: to cause some type of harm, in some way, to another.

Unfortunately, such threats thrive within the cyber environment as exemplified by the rise in ransomware attacks this year.

For covered entities and their business associates, the most effective way to safeguard protected health information (PHI) is by understanding and stopping threat actors before they cause irreparable damage.

Types of threat actors

A cyber threat is any circumstance or event with the potential to adversely impact an organization’s operations. And threat actors are people/groups that create or take advantage of such circumstances or events to perform a malicious act.

As such, a threat actor exploits a cyber vulnerability to steal, encrypt, sabotage, gain notoriety, make money, and so forth. It can even be for several reasons at once. Generally, threat actors are categorized by their motives (what do they gain?) and sophistication (what resources can they access?):

| Threat actor | Motivation | Sophistication level |
| --- | --- | --- |
| Nation-state | Geopolitical | High |
| Cybercriminal | Profit | Medium to high |
| Hacktivist | Ideological | Medium to high |
| Terrorist group | Ideological violence | Low to high |
| Thrill seeker | Satisfaction | Low to high |
| Insider threat | Discontent | Typically low |

Some also sort threat actors as intentional or unintentional and external or internal.

An unintentional, internal threat actor would be an employee who inadvertently causes a security issue through human error. For example, they could unknowingly fall victim to an email phishing attack, creating an access point (or threat vector) for unauthorized entry.

The opposite, an intentional and external threat actor, could be an advanced persistent threat (APT), typically a nation-state or an advanced cybercriminal group. A 2021 independent academic research study found a 100% rise in “significant” nation-state incidents between 2017 and 2020.

For the Center for Internet Security, motivations and sophistication can also determine who a CTA attacks and why.

Threat actors and healthcare

As research shows, healthcare is a prime target for every type of threat actor. This boils down to the industry’s wealth of sensitive data (i.e., PHI) and the generally careless state of cybersecurity.

Moreover, a combination of large, vulnerable attack surfaces and numerous access points along with tired and stressed employees exposes healthcare organizations to data breaches.

And this encourages every type of threat actor, whether sophisticated or not, to attack healthcare organizations. Last year alone saw a 600% increase in malicious emails due to COVID-19.

Protection through better cyber hygiene

First, healthcare organizations must understand the type of threats they face by employing threat modeling during the mandatory HIPAA risk assessment.

A threat model is a method that determines the threats that could undermine an individual or an organization. And a HIPAA risk assessment delineates the most effective and appropriate safeguards to protect PHI.

With the results of both, an organization can then create a cybersecurity program that mitigates the most pertinent threats. Generally, this means a layered approach that includes:

  • Up-to-date and consistent policies and procedures
  • Continuous employee awareness training
  • Strong technical and physical access controls
  • Offline backups
  • Patched and updated systems and devices

And especially, solid inbound/outbound email protection (i.e., HIPAA compliant email).

The need for email security—Paubox Email Suite Plus

Paubox provides seamless and safe email security for better, more secure email communication, which matters because email is the number one threat vector into any system.

Paubox Email Suite Plus is HITRUST CSF certified security software that protects all email systems from inbound and outbound email threats. All outbound emails are encrypted directly from your existing email platform (such as Microsoft 365 and Google Workspace), requiring no change in email behavior. No extra logins, passwords, or portals.

Moreover, our solution reviews incoming emails for potential threats and quarantines anything that raises a red flag. Paubox’s patent-pending Zero Trust Email feature applies the Zero Trust security framework to email, requiring additional proof of legitimacy before delivering any message. ExecProtect, meanwhile, fights against display name spoofing threats.

Strong email security, and a well-rounded cybersecurity program in general, provide the protection needed against threat actors intent on gaining unauthorized access. Avoid such malicious acts before they cause trouble by investing in reliable cybersecurity today.
