Motives are key aspects to a malicious actor’s agenda. If you can understand why they’re targeting, you then you may understand what is vulnerable. State actors for instance may target others to gather information for their own sake of having the data. Singular malicious actors may have a secret agenda that motivates them with monetary gains. How these are handled is different. With the state actor example, there isn’t much to be done but monitor for the information resurfacing and preventing the next potential incursion. The malicious actor on the other hand would include identification, monitoring for the data to resurface, confirming how much of the data has resurfaced, and what communities the data was released to for your users’ threat surface. Once that sensitive data changes hands it enters a new set of motives. Some may use SPII for social engineering, aggregate the data with other sources and resale, or even black mail. I plan to implement searching for the motive amongst my best practices by taking the time to place myself in their shoes.

Attack Motive

I would explain this to a new developer on my team by first doing some role playing. First placing myself in the shoes of a malicious actor and setting the stage of what happened. Once I explain the scope of the issue, I’d ask him to tell me what I might have done or had access too. I’d explain some points of view they might have missed by reversing the roles in the exercise. Doing these war games can help build preparedness. Ultimately this is not a one time conversation that explains the depth of what security needs to be done but a continuous exercise that even the new developers should get used to partaking in.

- Federal government leads the way with encryption standards. Insights. Retrieved August 4, 2024, from https://insights.samsung.com/2022/01/12/federal-government-leads-the-way-with-encryption-standards/