ATTACK SURFACE IN THE CONTEXT OF ITS USERS (“TREAT ACTORS”) FOR CRITICAL INFRASTRUCTURE FACILITIES
DOI:
https://doi.org/10.28925/2663-4023.2024.24.229240Keywords:
malicious actor; threat actor; attack surface; critical infrastructure object (CIO); Internet of Things (IoT).Abstract
In the modern digital world, where information technology is an integral part of life, cybersecurity issues are becoming increasingly relevant. One of the key aspects of protecting information systems is managing the attack surface, which includes all possible entry points for malicious actors. Forming and managing the attack surface is a complex task that requires constant attention and improvement. Malicious actors (“Threat actors”) play a crucial role in this process. They constantly seek new ways to penetrate systems, using various methods and techniques. These “actors” can vary in their origins and motivations: from cybercriminals seeking financial gain to state actors conducting espionage and sabotage activities. Understanding the types of “malicious actors” and their methods is essential for effective attack surface management. This understanding helps to timely detect and eliminate vulnerabilities, improve system and network configurations, and raise staff awareness of modern cyber threats. This article examines the key aspects of forming the attack surface, focusing on the role of “malicious actors”. It explores the types of “malicious actors”, their methods and techniques, and provides practical recommendations for reducing risks and improving the protection of information systems. Additionally, conducting regular security audits and implementing modern protection technologies such as intrusion detection systems, data encryption, and multi-factor authentication are important. Thus, a comprehensive approach to managing the attack surface, which includes understanding “Threat actors”, utilizing modern protection technologies, and continuously training personnel, is crucial for effectively protecting the information systems of critical infrastructure.
Downloads
References
Al-Bakri, A., & De Cock, M. (2021). Threat Actor Type Inference and Characterization within Cyber Threat Intelligence. arXiv:2103.02301.
Fortinet. (2021). Understanding Today’s Threat Actors. Fortinet White Paper. https://www.fortinet.com/content/dam/fortinet/assets/white-papers/wp-understanding-todays-threat-actors.pdf
Sailio, M., Latvala, O.-M., & Szanto, A. (2020). Cyber Threat Actors for the Factory of the Future. Appl. Sci. 10(12), 4334. https://doi.org/10.3390/app10124334
“Lessons of Russia's Armed Aggression against Ukraine - Military and Strategic Aspects” (2021). Collection of materials of the interdepartmental scientific and practical conference of the Department of National Security and Defense Strategy. Ivan Chernyakhovsky National Defense University of Ukraine.
What is a Threat Actor? | IBM. (n.d.). IBM - United States. https://www.ibm.com/topics/threat-actor
Australian Cyber Security Centre. (2021). Guidance for the Critical Infrastructure Risk Management Program. https://www.cisc.gov.au/resources-subsite/Documents/guidance-for-the-critical-infrastructure-risk-management-program.pdf
StaffCop Enterprise. (n.d.). Energy and Utilities Sector Cyber Security. https://www.staffcop.com/energy-and-utilities-sector-cyber-security/
Business Law Today. (2021). SaaS Agreements: Key Contractual Provisions. https://businesslawtoday.org/2021/11/saas-agreements-key-contractual-provisions/
National Cyber Security Centre. (2021). NCSC Warns of Enduring Significant Threat to UK’s Critical Infrastructure. https://www.ncsc.gov.uk/news/ncsc-warns-enduring-significant-threat-to-uks-critical-infrastructure
Gallagher Security. (n.d.). Understanding the Impact of Insider Threats. https://security.gallagher.com/en-HK/Blog/Understanding-the-Impact-of-Insider-Threats
Neumetric. (n.d.). Role-Based Access Control (RBAC) for Cybersecurity. https://www.neumetric.com/role-based-access-control-rbac-for-cybersecurity/
Teramind. (n.d.). User Activity Monitoring.
Published
How to Cite
Issue
Section
License
Copyright (c) 2024 Олексій Скіцько, Роман Ширшов
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.