LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

How are cyber attackers typically categorised, and why does the category matter for risk planning?

Five tiers from random opportunists to nation-states — each has different motivation, resources, and "patience", which dictates how hard you have to defend.

The standard taxonomy (top of the threat pyramid = targeted, bottom = random):

Tier Motivation Resources Mode
Staatliche Organisationen (Nation-States / APT) Geopolitical, espionage, sabotage Effectively unlimited; long timelines Targeted, custom zero-days
Terroristen Ideological disruption Moderate to high Targeted symbolic attacks
Organisierte Kriminalität Money (ransomware, fraud) High; professional ops Targeted high-value victims
Hacker/Cracker Reputation, curiosity, hacktivism Skilled individuals/groups Mix — opportunistic and targeted
Script Kiddies Bragging rights, mischief Off-the-shelf tools Random, opportunistic

Why it matters: Your control choice depends on whom you're defending against. Patching and 2FA stop script kiddies and most criminals. An APT goes through anything except disciplined defence-in-depth + monitoring + segmentation. Pretending you can stop a nation-state with antivirus is a strategy error.

Tip: Each tier doubles as a question — can our controls plausibly withstand this group? If "Script Kiddies → yes, Org-Crime → maybe, APT → no", that's your honest risk posture.

From Quiz: ISF / Risk Management | Updated: Jul 14, 2026