Richard Blech

Deter Cyber Attacks by Thinking Like a Threat Actor

There can be a wide gap between the cyber threat actor’s capability for launching a cyber attack and infiltrating an organization’s IT environment and the readiness of an organization’s cybersecurity infrastructure. In addressing the acute threat of cyber attacks, IT environments ideally have to be impossible to infiltrate and able to withstand human error and indifference.

Sometimes utilizing a different point of view is necessary to achieve the desired results. In the case of cybersecurity and data protection, examining the IT infrastructure from the point of view of a threat actor is a practice that all organizations should employ.


Why is understanding the threat actor’s perspective important to an organization’s IT and data security? An objective and critical assessment of the IT environment:

  • Helps to identify IT vulnerabilities and deficiencies, particularly with regard to credentials and privileged account access.

  • Informs the creation of a proactive cybersecurity framework that can deter threat actors much sooner in the cyber attack process, well before they are able to establish a foothold in the system.

  • Highlights which cybersecurity technologies and policies are necessary to address the specific security issues of the IT environment, aiding in more efficient use of financial and personnel resources.

So what do threat actors consider when choosing their targets?


Threat actors will assess a potential target’s IT environment from the outside to determine where they can strike. The components of the attack surface can reveal important details. The actors will aim for certain tools, such as firewalls, VPN gateway devices or remote support solutions. This is because if these assets are successfully compromised, the actors will have an almost unencumbered path into the system, where they will be able to move along the cyber kill chain. They can gain access to the desired credentials and then exfiltrate data or deposit malicious code. According to CISA, four of the most targeted vulnerabilities in 2020 impacted remote work, cloud-based technologies or VPNs. This is unsurprising, as remote work increased significantly during the pandemic. However, the trend has continued well into 2021.

Another area of vulnerability includes hardware devices that have no or insufficient protection and that are physically embedded into a network. Attackers will also exploit online systems that are connected to an organization’s network. One recent and notable example of this is the Kaseya ransomware attack; another is the still ongoing wave of cyber attacks against cloud software services by Russian hackers. Malicious actors are also targeting the firmware on employee laptops, networking components, IoT and IIoT devices and more, which is creating an expanded attack surface.


When determining points of weakness, threat actors ask not only what, but also who. Employees are routinely targeted with malware attacks, like phishing scams, through email or on social media. Which employees are most likely at risk? As mentioned earlier, remote workers have been a popular target. Workers who are returning to the office have become a growing target. Threat actors will especially prioritize those employees, such as C-suite executives, human resources personnel and salespersons, who are most likely to have access to the most sensitive data and who are most likely to be highly connected with other departments within the organization and with other organizations. The susceptibility of employees is routinely leveraged by threat actors, which makes educating employees about cybersecurity absolutely critical. It also makes the encryption of data an absolutely necessary part of any organization’s cybersecurity. Should the actors gain access to a system using an employee’s credentials, any data that they are able to access will be indecipherable and impossible to use.


The main point to derive here is that hacking is a business, and hackers will do what is necessary to reduce their expenses, increase their revenue and maximize their profits (or create the most disruption) with limited resources. There is risk in cyber crime, and malicious actors will prioritize the targets that are most likely to help them achieve their objectives. Being able to attack multiple targets with high earning potential at once is ideal. Being able to use a particular exploit more frequently is also considered beneficial.


When a potential point of vulnerability has been identified, the launching of an attack is not automatic. Threat actors have to determine if they already have the tools, namely the exploits, to leverage the targets. If not, they have to determine if the resources and time required to research the vulnerability, develop the exploit, and test and retest the exploit to determine the best angle of attack are justified. The attackers may also have the option to purchase the needed exploit kits on the black market. Organizations that discover vulnerabilities in their applications or software should apply any required patches as soon as possible. If the patches are currently unavailable, temporary alternate means of executing the functions of the application or software should be employed.


Organization leaders have to act on the assumption that there is a live cyber threat and that their digital assets are in jeopardy. It is necessary to obtain a deep understanding of how a threat actor may choose a target. Using the hacker’s mentality to examine every potential access point and imagine every worst case scenario can help with determining which security solutions, like XSOC Corp’s quantum-ready cryptographic solutions, are essential for preventing data loss. Contact us today to learn how our technology can shore up your organization’s data.

