JENNY MENNA

The cyber threat landscape is complex and constantly changing, and it can be difficult for even the most avid practitioner to keep up. Malware and ransomware variants morph and are renamed constantly by their creators. The question we will ask in this chapter is, who is behind the threats we face?

While cyberattacks leverage complex technologies, people are at the root of every successful breach or incident. Machines don’t write malware and exploits; humans do. These attacks support their objectives. Those objectives vary widely.

There are malicious outsiders, from nation-states to criminals to hacktivists. But insiders—people inside your organization—are also often part of the problem.

We sometimes see malicious insiders, people who intentionally sabotage their employers for revenge or sell their credentials for profit.

Far more prevalent are everyday employees who inadvertently become part of the insider threat. People make mistakes configuring their environments. They may fail to prioritize patching. Budget cuts reduce investments in good security practices.

What happens is understandable. People want to get their jobs done faster and take shortcuts that unintentionally subvert security processes and tools. And sometimes people are simply tired from a night awake with a crying baby and accidentally click on a link in a phishing email that they wouldn’t fall for on a good day.

This chapter explores how people can ...