Understanding the difference between attackers’ motivations and tactics
One of the reasons I’ve found so many organizations lack focus and competency around the cybersecurity fundamentals is the way big data breaches have been reported in the news over the last decade. Stories that claim an attack was the “most advanced attack seen to date” or the work of “a nation state” seem to be common. But when you take a closer look at these attacks, the victim organization was always initially compromised by attackers using one or more of the Cybersecurity Usual Suspects that I outlined in this chapter.
There are attackers that operate in the open because they don’t believe there are consequences for their illicit activities, based on their location, legal jurisdiction, or who sponsors their work. This used to be the exception to the rule that they will obfuscate their true affiliations and identities. However, there has been a proliferation...
