One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 1551689 |
| Date de publication | 2020-02-19 13:00:00 (vue: 2020-02-19 13:01:39) |
| Titre | Understanding cyber attacker motivations to best apply controls |
| Texte | Implementing a risk based security program and appropriate controls against adaptive cyber threat actors can be a complex task for many organizations. With an understanding of the basic motivations that drive cyber-attacks organizations can better identify where their own assets may be at risk and thereby more efficiently and effectively address identified risks. This article will discuss the Rational Actor Model (RAM) as well as the seven primary intrinsic and extrinsic motivations for cyber attackers. Deterrence and security theory fundamentally rely upon the premise that people are rational actors. The RAM is based on the rational choice theory, which posits that humans are rational and will take actions that are in their own best interests. Each decision a person makes is based upon an internal value calculus that weighs the cost versus the benefits of an action. By altering the cost-to-benefit ratios of the decisions, decisions, and therefore behavior can be changed accordingly. It should be noted at this point that ‘rationality’ relies upon a personal calculus of costs and benefits. When speaking about the rational actor model or deterrence, it is critical to understand that ‘rational’ behavior is that which advances the individual’s interests and, as such, behavior may vary among people, groups and situations. For this reason, it is impossible to prevent all crime through deterrence. Some people will simply weigh the pros and cons of committing a crime and determine it is ‘worth the risk’ based upon their personal internal value calculus. While some criminologists dispute RAM in favor of other models, anecdotally it is difficult to argue with the value of the model. It is arguable that even terrorists employ a RAM model, and often select targets where there is fairly good certainty of “success”. This, again, echoes the model of risk management and a rational model of decision-making. The concept repeats in all areas of behavior, including cybercrime. Understanding RAM it is important to explore human motivation. In short there are two types of motivations that drive human behavior. Intrinsic and extrinsic motivation. Intrinsic motivations are those that are driven by internal rewards. It includes motivations that are satisfying to the individual. Eating, climbing a mountain, and watching a great movie are all examples of intrinsically motivated actions. Extrinsic motivations, by contrast, are those behaviors that result in external rewards. Working for a wage, playing the lottery and crime can all be examples of extrinsically motivated behavior. No doubt at this point readers have identified that actions can be both intrinsically and extrinsically motivated. With an understanding of the Rational Actor and Motivation theory it is now possible to discuss the motivations of cyber-attacks. It should be noted that the term ‘crime’ is not used as it is a legal term and an attack may or may not be considered a crime. As such a more generic term of ‘attack’ is used. In general, six different motivations exist for those who attempt a cyber-attack. This has been coined as the Mark Heptad (yes after this author and creator). The six seven motivations are: Financial (extrinsic) – Theft of personally identifiable information (PII), that is then monetized is a classic example of financial motivation of cyberattacks. Primarily perpetrated by organized criminal groups, this motivation represents a large percentage of cyberattacks against retailers and health care providers. |
| Envoyé | Oui |
| Condensat | “…for “american “because “i “simply “that “why ‘destroying ‘patriot ‘regulated ‘worth no 2010 21st 800 about abstraction accordingly accounts accurately acquisitions action actions actor actors acts adaptive added additionally address advanced advances adversarial adversaries affiliated after again against all also altering among analysis anecdotally animal another answered any anyone apocryphal applicable applied apply approach appropriate apt are are: areas arguable argue article articulated ask asked assess assets associated astute attack attacker attacker’s attackers attacking attacks attempt author bank banks banks” based basic because been behavior behaviors being believe benefit benefits best better between bot both brand build but calculus can capabilities; capitalism capitalism’ card care centrifuges century certainty chain chains changed chaos choice classic classified climbing coined combination commit committing common companies company competitors complex compromise compromised concept conducing confidential cons consider considered considering construction contrast controls convenient coordinate cost costs could create creator crime criminal criminologists critical cyber cyberattacks cybercrime cyberspace dark data data’ decide decision decisions deconflict defacement defending degree democracy deniability department depicted described desire desiring destroy destroying destruction determine deterrence developing development diagram different difficult discuss disgruntled disparaging dispute disrupting does doing doubt drive driven each earth earth’ eating echoes effectively efficiently effort either elf eliminate emphasis employ employees enable enforcement engaging espionage evaluated evaluating even event example examples exclusive executives exist explore exposure external extremists extrinsic extrinsically face facilitate facilitation fact factor factors fairly favor final financial financially focused foreseeable former framework frequently from front fundamentally further general generally generic global good government great group groups hackers’ hacking hacktivism harm has have health hear heptad here hidden homeland human humans identifiable identified identify ideological ignore ignores illicit impacts implementing important impossible incite includes including indicate individual individual’s information initiating install institute intellectual intent interests internal intrinsic intrinsically involved iranian irresponsible is” issues large largest law legal liberation light lion’s lottery loved machine magnetic make makes making malware management manufacturer manufacturing many mark marketing may messages method military mining model models monetized money more most motivated motivating motivation motivational motivations mountain movie must mutually nation national naïve negative net nets news nist normally not note noted nothing notorious now nuisance nuisance/destruction numbers numerous offensive often one operational operations…” order organization organizations organized other own participant particular parts patents payment people percentage perpetrated persistent person personal personally pii place planet” plans plausible play playing point political pos posed position posits possess possible post posture potential practical premise prevent primarily primary processes products program property pros providers provides proxies question: questions ram rational ratios readers reality reason reasons recently reduce refrain related relationship relevant relies rely remarks repeats replete reported reports represents result retailers revenge rewards right risk risk’ risks rob robbed robber sale same satisfying says: secrets security select selling served service services seven share she short should simply single situations six social social/political solid some someone something speak speaking specialized standards state stated state |
| Tags | Malware Threat |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.