Introduction The Internet of Things (IoT) is all around us and quickly expanding. How secure are these devices? Some IoT devices were not developed to be updated with patches, this create opportunity for threat actors and security risks for the owners of these devices. Threat actor is a person or organization with malicious intent and a mission to compromise an organization's security or data. This could be anything from physical destruction to simply copying sensitive information.
Classifications of Threat Actors • Amateurs • Hacktivists • Organized crime groups • State-sponsored • Terrorists
Amateurs – These are individuals with little to no skill. They are threat actors without the skill or knowledge required to design bespoke penetration tools, and yet will happily purchase or borrow the tools of other attackers in order to infiltrate systems. Their motivations usually lie within the realm of improving their reputation, by finding vulnerabilities within a technical system and exploiting them; some are just curious, while others try to demonstrate their skills by causing harm.
Hacktivists - They are essentially hackers with a set of political, philosophical, or religious objectives that they carry out through hacking. Hacktivists publicly protest against organizations or governments by posting articles and videos, leaking sensitive information, defacing websites, and a denial-of-service attack’. Organized crime groups - organized criminal gangs have long since turned to cybercrime as a means to line their pockets and gain control over businesses and agencies of all types and backgrounds. State-sponsored - Cybercriminals who fall into this category are either directed or funded or both by nations and national governments. Their goal is to spy on or steal from businesses or governmental bodies in order to further the interests of an enemy nation. Defending against the fallout from state-sponsored cyberespionage and cyberwarfare will continue to be a priority for cybersecurity professionals. Terrorists - Cyber terrorists utilize an array of cyber weapons to disrupt critical services and commit harmful acts in order to further their cause. They target the state operations, businesses, and critical services that will cause the most dramatic effect.
Threat Impact personal identification information (PII); One of the goals of cybercriminals is obtaining lists of personal identification information which includes; Name, Social security number, Birthdate, Credit card numbers, Bank account numbers, Government issued ID. This informations can be used to create fake financial accounts, such as credit cards and short-term loans or even sold on the dark web for financial gain.
protected health information (PHI); electronic medical records if not well protected might be at risk of getting stole by threat actors.
Personal security information (PSI) ; This information includes usernames, passwords, and other security-related information that individuals use to access information or services on the network. One of the common way that threat actors can breach a network is by using stolen personal security information.
Lost Competitive Advantage and trust from customers; The loss of intellectual property to competitors is a serious concern, additional major concern is the loss of trust that comes when a company is unable to protect its customers’ personal data. The loss of competitive advantage may come from this loss of trust.
Politics and National Security; Cyberwarfare is a serious possibility. State-supported hacker warriors can cause disruption and destruction of vital services and resources within an enemy nation. The internet has become essential as a medium for commercial and financial activities. Disruption of these activities can devastate a nation’s economy, example is stuxnet worm attack designed to impede Iran’s progress in enriching uranium that could be used in a nuclear weapon.