{"id":362713,"date":"2025-10-23T14:32:33","date_gmt":"2025-10-23T09:02:33","guid":{"rendered":"https:\/\/www.technologyforyou.org\/?p=362713"},"modified":"2025-10-23T14:32:33","modified_gmt":"2025-10-23T09:02:33","slug":"threat-actors-who-they-are-what-they-do-and-how-to-stay-safe","status":"publish","type":"post","link":"https:\/\/www.technologyforyou.org\/threat-actors-who-they-are-what-they-do-and-how-to-stay-safe\/","title":{"rendered":"Threat Actors \u2014 who they are, what they do, and how to stay safe"},"content":{"rendered":"<p data-start=\"68\" data-end=\"457\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Threat actors are individuals or groups who use digital, physical, or social techniques to steal data, disrupt systems, commit fraud, or gain unauthorized access to people and organisations. This article explains the common types of threat actors, their methods, signs of compromise, and \u2014 most importantly \u2014 practical, actionable steps you can take to reduce risk and recover if attacked.<\/span><\/p>\n<p data-start=\"464\" data-end=\"492\"><strong><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">1. Types of threat actors<\/span><\/strong><\/p>\n<ul data-start=\"493\" data-end=\"1414\">\n<li data-start=\"493\" data-end=\"613\">\n<p data-start=\"495\" data-end=\"613\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"495\" data-end=\"513\">Cybercriminals<\/strong> \u2014 motivated by money. They run ransomware, banking Trojans, phishing, card skimmers, and botnets.<\/span><\/p>\n<\/li>\n<li data-start=\"614\" data-end=\"822\">\n<p data-start=\"616\" data-end=\"822\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"616\" data-end=\"678\">State-sponsored actors (APT \u2014 Advanced Persistent Threats)<\/strong> \u2014 nation-backed groups that pursue espionage, sabotage, or influence operations. 
They tend to use sophisticated, long-term intrusion methods.<\/span><\/p>\n<\/li>\n<li data-start=\"823\" data-end=\"1013\">\n<p data-start=\"825\" data-end=\"1013\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"825\" data-end=\"844\">Insider threats<\/strong> \u2014 current or former employees, contractors, or partners who intentionally or accidentally misuse access. Motives range from financial gain to grievance or negligence.<\/span><\/p>\n<\/li>\n<li data-start=\"1014\" data-end=\"1156\">\n<p data-start=\"1016\" data-end=\"1156\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"1016\" data-end=\"1031\">Hacktivists<\/strong> \u2014 ideologically motivated actors who deface sites, leak data, or disrupt services to advance a political or social agenda.<\/span><\/p>\n<\/li>\n<li data-start=\"1157\" data-end=\"1286\">\n<p data-start=\"1159\" data-end=\"1286\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"1159\" data-end=\"1192\">Script kiddies \/ opportunists<\/strong> \u2014 less-skilled attackers who reuse public tools and exploits to strike low-hanging targets.<\/span><\/p>\n<\/li>\n<li data-start=\"1287\" data-end=\"1414\">\n<p data-start=\"1289\" data-end=\"1414\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"1289\" data-end=\"1315\">Supply-chain attackers<\/strong> \u2014 target software, services, or hardware vendors to reach many victims through a trusted supplier.<\/span><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"1421\" data-end=\"1466\"><strong><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">2. 
Common attack vectors (how they get in)<\/span><\/strong><\/p>\n<ul data-start=\"1467\" data-end=\"2258\">\n<li data-start=\"1467\" data-end=\"1602\">\n<p data-start=\"1469\" data-end=\"1602\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"1469\" data-end=\"1502\">Phishing \/ social engineering<\/strong> \u2014 fake emails, messages, or calls that trick users into revealing credentials or running malware.<\/span><\/p>\n<\/li>\n<li data-start=\"1603\" data-end=\"1714\">\n<p data-start=\"1605\" data-end=\"1714\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"1605\" data-end=\"1645\">Exploiting unpatched vulnerabilities<\/strong> \u2014 attackers scan for known security holes in software and devices.<\/span><\/p>\n<\/li>\n<li data-start=\"1715\" data-end=\"1824\">\n<p data-start=\"1717\" data-end=\"1824\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"1717\" data-end=\"1745\">Weak or reused passwords<\/strong> \u2014 credential stuffing and brute-force attacks exploit predictable passwords.<\/span><\/p>\n<\/li>\n<li data-start=\"1825\" data-end=\"1935\">\n<p data-start=\"1827\" data-end=\"1935\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"1827\" data-end=\"1866\">Malicious attachments and downloads<\/strong> \u2014 documents with macros, pirated software, or infected installers.<\/span><\/p>\n<\/li>\n<li data-start=\"1936\" data-end=\"2033\">\n<p data-start=\"1938\" data-end=\"2033\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"1938\" data-end=\"1964\">Insecure remote access<\/strong> \u2014 exposed RDP, SSH, VPNs, or cloud consoles with poor protections.<\/span><\/p>\n<\/li>\n<li data-start=\"2034\" data-end=\"2156\">\n<p data-start=\"2036\" data-end=\"2156\"><span style=\"font-family: georgia, palatino, serif; font-size: 
12pt;\"><strong data-start=\"2036\" data-end=\"2064\">Compromised supply chain<\/strong> \u2014 malicious updates or dependencies injected into otherwise legitimate software\/hardware.<\/span><\/p>\n<\/li>\n<li data-start=\"2157\" data-end=\"2258\">\n<p data-start=\"2159\" data-end=\"2258\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"2159\" data-end=\"2196\">Third-party integrations and APIs<\/strong> \u2014 attackers abuse misconfigurations or excessive permissions.<\/span><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"2265\" data-end=\"2311\"><strong><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">3. Signs you may be targeted or compromised<\/span><\/strong><\/p>\n<ul data-start=\"2312\" data-end=\"2799\">\n<li data-start=\"2312\" data-end=\"2400\">\n<p data-start=\"2314\" data-end=\"2400\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Unexpected password reset notifications or login attempts from unfamiliar locations.<\/span><\/p>\n<\/li>\n<li data-start=\"2401\" data-end=\"2470\">\n<p data-start=\"2403\" data-end=\"2470\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Sudden slowdown, unexplained crashes, or unusual network traffic.<\/span><\/p>\n<\/li>\n<li data-start=\"2471\" data-end=\"2549\">\n<p data-start=\"2473\" data-end=\"2549\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">New accounts, unknown scheduled tasks, or services starting automatically.<\/span><\/p>\n<\/li>\n<li data-start=\"2550\" data-end=\"2617\">\n<p data-start=\"2552\" data-end=\"2617\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Unusual outbound connections (to strange IP addresses\/domains).<\/span><\/p>\n<\/li>\n<li data-start=\"2618\" data-end=\"2711\">\n<p data-start=\"2620\" data-end=\"2711\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Files encrypted with a ransom note, or documents 
you didn\u2019t create being leaked publicly.<\/span><\/p>\n<\/li>\n<li data-start=\"2712\" data-end=\"2799\">\n<p data-start=\"2714\" data-end=\"2799\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Alerts from security tools (antivirus, EDR, email gateway) about suspicious activity.<\/span><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"2806\" data-end=\"2874\"><strong><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">4. Prevention \u2014 foundational controls (individuals &amp; small teams)<\/span><\/strong><\/p>\n<ol data-start=\"2875\" data-end=\"4169\">\n<li data-start=\"2875\" data-end=\"3034\">\n<p data-start=\"2878\" data-end=\"3034\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"2878\" data-end=\"2922\">Enable Multi-Factor Authentication (MFA)<\/strong> everywhere possible. Use an authenticator app or hardware security keys (FIDO2) rather than SMS if available.<\/span><\/p>\n<\/li>\n<li data-start=\"3035\" data-end=\"3139\">\n<p data-start=\"3038\" data-end=\"3139\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"3038\" data-end=\"3064\">Use a password manager<\/strong> to generate and store unique, strong passwords. Avoid reusing passwords.<\/span><\/p>\n<\/li>\n<li data-start=\"3140\" data-end=\"3254\">\n<p data-start=\"3143\" data-end=\"3254\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"3143\" data-end=\"3184\">Keep devices and software up to date.<\/strong> Set automatic updates for OS, browsers, plugins, and critical apps.<\/span><\/p>\n<\/li>\n<li data-start=\"3255\" data-end=\"3378\">\n<p data-start=\"3258\" data-end=\"3378\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"3258\" data-end=\"3294\">Back up important data regularly<\/strong> (3-2-1 rule: 3 copies, 2 different media, 1 offsite). 
Test restores periodically.<\/span><\/p>\n<\/li>\n<li data-start=\"3379\" data-end=\"3565\">\n<p data-start=\"3382\" data-end=\"3565\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"3382\" data-end=\"3422\">Be skeptical of unexpected messages.<\/strong> Verify requests for credentials or money via a second channel (call the person). Never click links or open attachments from unknown senders.<\/span><\/p>\n<\/li>\n<li data-start=\"3566\" data-end=\"3694\">\n<p data-start=\"3569\" data-end=\"3694\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"3569\" data-end=\"3596\">Limit admin privileges.<\/strong> Use standard accounts for day-to-day tasks and separate admin accounts for administrative work.<\/span><\/p>\n<\/li>\n<li data-start=\"3695\" data-end=\"3796\">\n<p data-start=\"3698\" data-end=\"3796\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"3698\" data-end=\"3737\">Install reputable security software<\/strong> (antivirus\/antimalware) and enable real-time protection.<\/span><\/p>\n<\/li>\n<li data-start=\"3797\" data-end=\"3887\">\n<p data-start=\"3800\" data-end=\"3887\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"3800\" data-end=\"3837\">Lock screens and encrypt devices.<\/strong> Use full-disk encryption on laptops and phones.<\/span><\/p>\n<\/li>\n<li data-start=\"3888\" data-end=\"4037\">\n<p data-start=\"3891\" data-end=\"4037\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"3891\" data-end=\"3921\">Use a secure home network.<\/strong> Change default router credentials, use WPA3\/WPA2 encryption, and segment IoT devices on a separate guest network.<\/span><\/p>\n<\/li>\n<li data-start=\"4038\" data-end=\"4169\">\n<p data-start=\"4042\" data-end=\"4169\"><span style=\"font-family: georgia, palatino, serif; font-size: 
12pt;\"><strong data-start=\"4042\" data-end=\"4079\">Educate yourself and your family.<\/strong> Teach people how to spot phishing, social-engineering tactics, and safe practices online.<\/span><\/p>\n<\/li>\n<\/ol>\n<p data-start=\"4176\" data-end=\"4229\"><strong><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">5. Prevention \u2014 organisational &amp; advanced controls<\/span><\/strong><\/p>\n<ol data-start=\"4230\" data-end=\"5535\">\n<li data-start=\"4230\" data-end=\"4337\">\n<p data-start=\"4233\" data-end=\"4337\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"4233\" data-end=\"4262\">Patch management program.<\/strong> Inventory systems and apply security patches in a timely, tested manner.<\/span><\/p>\n<\/li>\n<li data-start=\"4338\" data-end=\"4479\">\n<p data-start=\"4341\" data-end=\"4479\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"4341\" data-end=\"4366\">Network segmentation.<\/strong> Separate critical systems (finance, production, backups) from general-user networks to limit lateral movement.<\/span><\/p>\n<\/li>\n<li data-start=\"4480\" data-end=\"4591\">\n<p data-start=\"4483\" data-end=\"4591\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"4483\" data-end=\"4523\">Endpoint Detection &amp; Response (EDR).<\/strong> Deploy EDR to detect and respond to suspicious endpoint activity.<\/span><\/p>\n<\/li>\n<li data-start=\"4592\" data-end=\"4758\">\n<p data-start=\"4595\" data-end=\"4758\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"4595\" data-end=\"4647\">Email gateway security and phishing simulations.<\/strong> Use anti-phishing filters, DKIM\/SPF\/DMARC email authentication, and run regular simulated phishing training.<\/span><\/p>\n<\/li>\n<li data-start=\"4759\" data-end=\"4889\">\n<p data-start=\"4762\" data-end=\"4889\"><span 
style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"4762\" data-end=\"4819\">Least privilege and role-based access control (RBAC).<\/strong> Limit access to only what users need. Regularly review permissions.<\/span><\/p>\n<\/li>\n<li data-start=\"4890\" data-end=\"5002\">\n<p data-start=\"4893\" data-end=\"5002\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"4893\" data-end=\"4919\">Zero Trust principles.<\/strong> Authenticate and authorize every access request, regardless of network location.<\/span><\/p>\n<\/li>\n<li data-start=\"5003\" data-end=\"5136\">\n<p data-start=\"5006\" data-end=\"5136\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"5006\" data-end=\"5040\">Logging, monitoring, and SIEM.<\/strong> Centralise logs, monitor for anomalies, and retain logs long enough to investigate incidents.<\/span><\/p>\n<\/li>\n<li data-start=\"5137\" data-end=\"5268\">\n<p data-start=\"5140\" data-end=\"5268\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"5140\" data-end=\"5189\">Threat intelligence &amp; vulnerability scanning.<\/strong> Use feeds and scanners to stay aware of relevant threats and exposed assets.<\/span><\/p>\n<\/li>\n<li data-start=\"5269\" data-end=\"5409\">\n<p data-start=\"5272\" data-end=\"5409\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"5272\" data-end=\"5320\">Incident response plan &amp; tabletop exercises.<\/strong> Have an IR plan, defined roles, communication paths, and regularly rehearse scenarios.<\/span><\/p>\n<\/li>\n<li data-start=\"5410\" data-end=\"5535\">\n<p data-start=\"5414\" data-end=\"5535\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"5414\" data-end=\"5447\">Secure development practices.<\/strong> Apply secure coding, dependency scanning, and code reviews 
to reduce supply-chain risk.<\/span><\/p>\n<\/li>\n<\/ol>\n<p data-start=\"5542\" data-end=\"5586\"><strong><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">6. What to do if you suspect a compromise<\/span><\/strong><\/p>\n<ol data-start=\"5587\" data-end=\"6972\">\n<li data-start=\"5587\" data-end=\"5718\">\n<p data-start=\"5590\" data-end=\"5718\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"5590\" data-end=\"5619\">Isolate affected systems.<\/strong> Disconnect infected machines from the network (but preserve evidence if an investigation is required).<\/span><\/p>\n<\/li>\n<li data-start=\"5719\" data-end=\"5968\">\n<p data-start=\"5722\" data-end=\"5968\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"5722\" data-end=\"5765\">Change passwords and revoke credentials<\/strong> for affected accounts \u2014 but only after capturing forensic evidence if needed (in some investigations, immediate resets can destroy traces; coordinate with the IR team or law enforcement when appropriate).<\/span><\/p>\n<\/li>\n<li data-start=\"5969\" data-end=\"6111\">\n<p data-start=\"5972\" data-end=\"6111\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"5972\" data-end=\"6009\">Notify your security\/contact team<\/strong> (or your IT support) immediately. If you\u2019re an individual, contact your bank and relevant services.<\/span><\/p>\n<\/li>\n<li data-start=\"6112\" data-end=\"6251\">\n<p data-start=\"6115\" data-end=\"6251\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"6115\" data-end=\"6145\">Collect logs and evidence.<\/strong> Save system logs, emails, and relevant artifacts. 
This helps responders contain and analyze the attack.<\/span><\/p>\n<\/li>\n<li data-start=\"6252\" data-end=\"6467\">\n<p data-start=\"6255\" data-end=\"6467\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"6255\" data-end=\"6286\">Restore from clean backups.<\/strong> Only restore after ensuring the infection has been eradicated. If ransomware is involved, consult professionals \u2014 paying ransom is not recommended and doesn\u2019t guarantee recovery.<\/span><\/p>\n<\/li>\n<li data-start=\"6468\" data-end=\"6605\">\n<p data-start=\"6471\" data-end=\"6605\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"6471\" data-end=\"6499\">Scan and harden systems.<\/strong> Patch vulnerabilities, close exposed services, rotate keys\/certificates, and apply configuration fixes.<\/span><\/p>\n<\/li>\n<li data-start=\"6606\" data-end=\"6772\">\n<p data-start=\"6609\" data-end=\"6772\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"6609\" data-end=\"6639\">Communicate transparently.<\/strong> For organisations, inform affected users, customers, and regulators as required by law. Have prepared templates for communication.<\/span><\/p>\n<\/li>\n<li data-start=\"6773\" data-end=\"6972\">\n<p data-start=\"6776\" data-end=\"6972\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"6776\" data-end=\"6802\">Report to authorities.<\/strong> In many countries you should report cybercrime to law enforcement (e.g., local cybercrime cell, CERT\/CC). Reporting helps track threat actors and prevent future attacks.<\/span><\/p>\n<\/li>\n<\/ol>\n<p data-start=\"6979\" data-end=\"7022\"><strong><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">7. 
Practical tools &amp; habits (quick wins)<\/span><\/strong><\/p>\n<ul data-start=\"7023\" data-end=\"7671\">\n<li data-start=\"7023\" data-end=\"7150\">\n<p data-start=\"7025\" data-end=\"7150\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"7025\" data-end=\"7053\">Use an authenticator app<\/strong> (Google Authenticator, Microsoft Authenticator, Authy) or hardware key for important accounts.<\/span><\/p>\n<\/li>\n<li data-start=\"7151\" data-end=\"7252\">\n<p data-start=\"7153\" data-end=\"7252\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"7153\" data-end=\"7183\">Password manager examples:<\/strong> Bitwarden, 1Password, LastPass (choose based on trust &amp; features).<\/span><\/p>\n<\/li>\n<li data-start=\"7253\" data-end=\"7360\">\n<p data-start=\"7255\" data-end=\"7360\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"7255\" data-end=\"7267\">Backups:<\/strong> Use both cloud backups and offline\/inaccessible backups (air-gapped or immutable backups).<\/span><\/p>\n<\/li>\n<li data-start=\"7361\" data-end=\"7519\">\n<p data-start=\"7363\" data-end=\"7519\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"7363\" data-end=\"7383\">Browser hygiene:<\/strong> Remove unused extensions, enable pop-up blockers, and consider using containerized browsing or separate browsers for sensitive tasks.<\/span><\/p>\n<\/li>\n<li data-start=\"7520\" data-end=\"7671\">\n<p data-start=\"7522\" data-end=\"7671\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"7522\" data-end=\"7536\">For email:<\/strong> Enable DMARC, SPF, DKIM for domains; use email clients that warn about external senders or display full email headers when suspicious.<\/span><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"7678\" data-end=\"7744\"><strong><span style=\"font-family: georgia, 
palatino, serif; font-size: 12pt;\">8. Special cases: ransomware, deepfakes, and targeted espionage<\/span><\/strong><\/p>\n<ul data-start=\"7745\" data-end=\"8341\">\n<li data-start=\"7745\" data-end=\"7952\">\n<p data-start=\"7747\" data-end=\"7952\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"7747\" data-end=\"7762\">Ransomware:<\/strong> Prioritise backups and offline copies. Never assume paying ransom will recover data \u2014 it encourages attackers and may not work. Engage incident response professionals and law enforcement.<\/span><\/p>\n<\/li>\n<li data-start=\"7953\" data-end=\"8150\">\n<p data-start=\"7955\" data-end=\"8150\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"7955\" data-end=\"7985\">Deepfakes \/ impersonation:<\/strong> Verify unusual financial or legal requests via an independent channel. Use strict verification for wire transfers and executive requests (e.g., call-back policy).<\/span><\/p>\n<\/li>\n<li data-start=\"8151\" data-end=\"8341\">\n<p data-start=\"8153\" data-end=\"8341\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\"><strong data-start=\"8153\" data-end=\"8182\">Targeted espionage (APT):<\/strong> If you suspect high-risk targeting (e.g., government contractor, critical infrastructure), engage professional incident responders and national CERTs quickly.<\/span><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"8348\" data-end=\"8381\"><strong><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">9. 
Building a security culture<\/span><\/strong><\/p>\n<ul data-start=\"8382\" data-end=\"8764\">\n<li data-start=\"8382\" data-end=\"8446\">\n<p data-start=\"8384\" data-end=\"8446\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Security is not only technology \u2014 it\u2019s people and processes.<\/span><\/p>\n<\/li>\n<li data-start=\"8447\" data-end=\"8580\">\n<p data-start=\"8449\" data-end=\"8580\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Run regular, short security training sessions and phishing drills. Reward reporting of suspicious emails (don\u2019t punish mistakes).<\/span><\/p>\n<\/li>\n<li data-start=\"8581\" data-end=\"8685\">\n<p data-start=\"8583\" data-end=\"8685\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Make incident reporting simple and non-judgemental. The faster you know, the better you can respond.<\/span><\/p>\n<\/li>\n<li data-start=\"8686\" data-end=\"8764\">\n<p data-start=\"8688\" data-end=\"8764\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Keep leadership engaged \u2014 security requires budget and support from the top.<\/span><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"8771\" data-end=\"8824\"><strong><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">10. 
Checklist \u2014 immediate actions you can take today<\/span><\/strong><\/p>\n<ol data-start=\"8825\" data-end=\"9350\">\n<li data-start=\"8825\" data-end=\"8875\">\n<p data-start=\"8828\" data-end=\"8875\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Turn on MFA for all accounts that support it.<\/span><\/p>\n<\/li>\n<li data-start=\"8876\" data-end=\"8940\">\n<p data-start=\"8879\" data-end=\"8940\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Start using a password manager and change reused passwords.<\/span><\/p>\n<\/li>\n<li data-start=\"8941\" data-end=\"9004\">\n<p data-start=\"8944\" data-end=\"9004\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Create a backup plan (cloud + offline) and test a restore.<\/span><\/p>\n<\/li>\n<li data-start=\"9005\" data-end=\"9058\">\n<p data-start=\"9008\" data-end=\"9058\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Update your operating system and important apps.<\/span><\/p>\n<\/li>\n<li data-start=\"9059\" data-end=\"9120\">\n<p data-start=\"9062\" data-end=\"9120\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Run an antivirus\/malware scan and remove detected items.<\/span><\/p>\n<\/li>\n<li data-start=\"9121\" data-end=\"9187\">\n<p data-start=\"9124\" data-end=\"9187\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Review your email settings for forwarding rules or unfamiliar auto-forwards.<\/span><\/p>\n<\/li>\n<li data-start=\"9188\" data-end=\"9260\">\n<p data-start=\"9191\" data-end=\"9260\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Secure your home Wi-Fi (change default admin password, use WPA2\/3).<\/span><\/p>\n<\/li>\n<li data-start=\"9261\" data-end=\"9350\">\n<p data-start=\"9264\" data-end=\"9350\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Make a plan for reporting (who to call inside your organisation or 
local authorities).<\/span><\/p>\n<\/li>\n<\/ol>\n<p data-start=\"9357\" data-end=\"9403\"><strong><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">11. Where to learn more (topics to explore)<\/span><\/strong><\/p>\n<ul data-start=\"9404\" data-end=\"9797\">\n<li data-start=\"9404\" data-end=\"9483\">\n<p data-start=\"9406\" data-end=\"9483\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Basics of digital hygiene, phishing awareness, and password best practices.<\/span><\/p>\n<\/li>\n<li data-start=\"9484\" data-end=\"9595\">\n<p data-start=\"9486\" data-end=\"9595\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Endpoint Detection &amp; Response (EDR) and Security Information and Event Management (SIEM) for organisations.<\/span><\/p>\n<\/li>\n<li data-start=\"9596\" data-end=\"9651\">\n<p data-start=\"9598\" data-end=\"9651\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Incident response playbooks and tabletop exercises.<\/span><\/p>\n<\/li>\n<li data-start=\"9652\" data-end=\"9729\">\n<p data-start=\"9654\" data-end=\"9729\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Threat intelligence and how to interpret indicators of compromise (IoCs).<\/span><\/p>\n<\/li>\n<li data-start=\"9730\" data-end=\"9797\">\n<p data-start=\"9732\" data-end=\"9797\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Legal\/regulatory reporting obligations in your country or sector.<\/span><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"9804\" data-end=\"9818\"><strong><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Final notes<\/span><\/strong><\/p>\n<p data-start=\"9819\" data-end=\"10315\"><span style=\"font-family: georgia, palatino, serif; font-size: 12pt;\">Threat actors range from opportunistic scammers to highly resourced state groups. 
While no single measure guarantees perfect safety, layered defenses \u2014 combining strong authentication, timely patching, principle of least privilege, backups, monitoring, and informed people \u2014 dramatically reduce risk and make you a much harder target. Start with the high-impact, low-effort steps (MFA, password manager, backups, updates) and build out additional technical and organizational controls from there.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Threat actors are individuals or groups who use digital, physical, or social techniques to steal data, disrupt systems, commit fraud, or gain unauthorized access to people and organisations. This article explains the common types of threat actors, their methods, signs of compromise, and \u2014 most importantly \u2014 practical, actionable steps you can take to reduce [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":13949,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"class_list":{"0":"post-362713","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tech-knowledge"},"_links":{"self":[{"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/posts\/362713","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/comments?post=362713"}],"version-history":[{"count":0,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/posts\/362713\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/media\/13949"}],"wp:attachment":
[{"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/media?parent=362713"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/categories?post=362713"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/tags?post=362713"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}