Cyber threats: who the players are and what protection strategies should be adopted


Any breach, regardless of where it comes from, damages the business. To best protect ourselves, we need to anticipate potential sources of attack and strengthen our defences in advance. The winning strategy? Knowing your company’s vulnerabilities and being able to identify cyber threats. Understanding the motivations behind an intrusion helps us identify its source. Here is an analysis of the main sources of cyber-attacks, as identified by Gartner, and an answer to the question of how to protect against them.

The cyber threats landscape: from criminals to Nation States

As technologies and their applications change at an ever-increasing speed, cyber threats, partly helped by those same technologies, are becoming more sophisticated and difficult to predict. It is equally difficult to predict the source from which an attack will come.

We could be hit by cybercriminals motivated mainly by financial gain, whose attacks have increased in parallel with the rise of ransomware. Or by individual hackers, driven by personal motivations or the pursuit of technical challenges. To date, this type of attack represents by far the largest percentage of threats to protect against.

Another worrying segment is insiders: employees or former employees who, with access to internal systems, can cause significant damage. Finally, state-sponsored actors, although in the minority in terms of overall attack volume, are often responsible for highly sophisticated operations with serious consequences.

Clusit, the Italian Association for Information Security, has translated this overview into data in the ‘Clusit Report 2023’. On a global scale, cybercriminal attacks clearly predominated in 2022: around 82% of global incidents, with over 2,000 cases, a 15% increase compared to 2021. These attacks, often associated with economic damage due to ransomware, have followed an increasing trend over the last five years.

At the same time, attacks related to espionage, sabotage, cyber warfare, and activism have reached historic highs. In particular, the percentage increase between 2021 and 2022 for cyber warfare attacks is 110%, and for hacktivism 320%, influenced by tensions in Europe.

Let’s now move on to a more precise description of the main actors responsible for cyber-attacks and assess what would be an appropriate strategy to prevent or combat them.


Cybercriminals: when profit is the motivation

For cybercriminals, attacks are a source of profit. They have no special interest in the threatened company other than to make a high profit from the attack on its internal systems. This drives them to seek increasingly sophisticated ways to steal sensitive information and/or block access to systems and documents.

Once they have obtained the valuable information, criminals will sell it on the black market or use it for fraudulent activities. Or they may lock down the systems for an immediate ransom. Such actions will result in significant financial losses for the company in question, severe damage to brand reputation, and disruption of business continuity.

If a company falls victim to a cybercriminal attack, it will face costly investigations and, in some cases, regulatory sanctions or legal action from consumers and shareholders. The economic damage and loss of reputation will be difficult to recover quickly.

What is the best protection strategy? To defend ourselves, we must first put in place a robust security strategy. This includes implementing the latest anti-virus solutions, continually training employees on the latest phishing techniques, and using advanced encryption methods to ensure that sensitive data remains secure. By being proactive, you can protect your digital assets and ensure business continuity.

Insiders: motivated by revenge or negligence

We have devoted an entire article to insider threats, those posed by colleagues, former employees, or people who work with the organization and have access to critical systems. The motivations that drive an insider to action, in this case, are manifold: they range from revenge to personal gain to negligence.

In the first case, when we talk about revenge, the impact is much greater because there is premeditation. The revenge-seeking insider knows the company’s vulnerabilities and will seek to cause significant damage, such as the disclosure of trade secrets or sensitive customer information. Insiders include current employees who may be disgruntled, former employees who still have access to company resources or partners and associates with privileges on key systems.

What is the best protection strategy? First and foremost, manage access to corporate resources carefully. It is common for passwords to be passed from one desk to another, or for a sensitive activity to be temporarily ‘handed off’ to another resource. Well, this carelessness can turn into serious damage. It is, therefore, essential to monitor and record all data and system-related activity to identify suspicious behavior. Implementing the principle of ‘least privilege’ ensures that individuals only have access to the resources they need for their role. Finally, conducting regular audits of personnel and their activities can prevent potential misuse.


Knowing who might be behind a cyber threat is the first step to fighting it, even before they decide to attack your organization.

Hackers: driven by revenge, personal gain and profit

Hackers are a distinct category from the previous two, although there are common characteristics. They differ from cybercriminals in that their goal is not just profit, and, unlike insiders, they can be external to the organization. Their motivations, on the other hand, are a combination of the two: they may act for profit, but also for personal gain, professional revenge, or competitive rivalry.

Equipped with advanced technical skills, their constant goal is to gain unauthorized access to information systems. If they succeed, they can expose trade secrets and give the company that commissioned the theft a competitive advantage. They could also cause operational disruption or undermine brand reputation.

What is the best protection strategy? To protect the corporate infrastructure, we need to keep all software and operating systems up to date, as updates often include fixes for known vulnerabilities. Advanced firewalls and intrusion detection systems should be used to filter and monitor traffic so that intrusion attempts are identified and blocked. In addition, regular penetration testing should be carried out. This allows organizations to simulate hacker attacks in a controlled environment, identify potential vulnerabilities, and take timely action to remediate them. By taking these proactive steps, organizations can strengthen their security posture against external threats.

Hacktivists: when the motivation is political or social

Hacktivists represent a particular segment of the cyber threat whose purpose is not purely economic. Guided by political or social beliefs, they act with the intention of exposing, altering, or disrupting the operations of organizations that they believe are responsible for injustice or that they disagree with.

These types of attacks often have as their primary objective not only technological damage but also reputational damage. They aim to disrupt business operations, damage the brand and reputation, and, as a side effect, try to expose the rotten side of the brand to convince consumers not to buy.

Motivated by a cause, they try to create pressure for change. In the past, companies producing real fur or coats stuffed with goose feathers have been attacked by animal rights activists. These actions have caused significant reputational damage, directly affecting their business models and causing them to move to other markets.

What is the best protection strategy? In addition to implementing robust cyber security measures such as firewalls, anti-malware software, and intrusion detection systems, organizations need to take a holistic approach. It is essential to continually monitor one’s online reputation and maintain an up-to-date understanding of relevant political and social issues, especially those that may conflict with the company’s operations or mission. Awareness and preparedness in these areas will enable organizations to anticipate potential threats and respond quickly to attacks, protecting not only their operational integrity but also their public image.


Nation States: seeking economic, political, military advantage

This is the riskiest category because the attacks are not aimed at damaging an individual company, but can bring entire nations to a standstill. The actors, in this case, are sponsored by state apparatuses, backed by state resources, and specialize in advanced cyber espionage, cyber warfare, and sabotage operations. They are often motivated by political, military, or economic advantage.

Given the high stakes, they also receive significant support and training. As a result, their attacks are often characterized by a degree of precision that is difficult to match. It is this ability to carry out targeted and sustained attacks that distinguishes them from other types of threats. What damage can they cause? Successful intrusions can result in the loss of competitive advantage, compromise of trade secrets and intellectual property, or even disruption of critical infrastructure, with significant implications for national security.

What is the best protection strategy? In the face of such adversaries, standard security measures may not be enough. It is, therefore, essential to strengthen your technical defenses and extend your security networks through partnerships. Working closely with government agencies and strategic industry partners offers a dual advantage: it allows organizations to gain timely access to critical information about emerging threats and to join collective efforts to counter advanced offensive tactics. In an era where threats are increasingly global and interconnected, a collaborative approach to cyber security is not only advisable but essential.
