Editing Computer security (section)

==Attacker motivation==
As with [[physical security]], the motivations for breaches of computer security vary between attackers. Some are thrill-seekers or [[Vandalism|vandals]], some are activists, others are criminals looking for financial gain. State-sponsored attackers are now common and well resourced but started with amateurs such as Markus Hess who hacked for the [[KGB]], as recounted by [[Clifford Stoll]] in ''[[The Cuckoo's Egg]]''.

Attackers motivations can vary for all types of attacks from pleasure to political goals.<ref name="DoS guidance" /> For example, hacktivists may target a company or organization that carries out activities they do not agree with. This would be to create bad publicity for the company by having its website crash.

High capability hackers, often with larger backing or state sponsorship, may attack based on the demands of their financial backers. These attacks are more likely to attempt more serious attack. An example of a more serious attack was the [[2015 Ukraine power grid hack]], which reportedly utilised the spear-phising, destruction of files, and denial-of-service attacks to carry out the full attack.<ref>{{Cite news |last1=Sanger |first1=David E. |last2=Barnes |first2=Julian E. |date=2021-12-20 |title=U.S. and Britain Help Ukraine Prepare for Potential Russian Cyberassault |language=en-US |work=The New York Times |url=https://www.nytimes.com/2021/12/20/us/politics/russia-ukraine-cyberattacks.html |access-date=2023-12-04 |issn=0362-4331}}</ref><ref>{{Cite web |date=2021-07-20 |title=Cyber-Attack Against Ukrainian Critical Infrastructure {{!}} CISA |url=https://www.cisa.gov/news-events/ics-alerts/ir-alert-h-16-056-01 |access-date=2023-12-04 |website=www.cisa.gov |language=en}}</ref>

Additionally, recent attacker motivations can be traced back to extremist organizations seeking to gain political advantage or disrupt social agendas.<ref>{{Cite journal|last1=Han|first1=Chen|last2=Dongre|first2=Rituja|date=2014|title=Q&A. What Motivates Cyber-Attackers?|journal=Technology Innovation Management Review|language=en|volume=4|issue=10|pages=40–42|doi=10.22215/timreview/838|issn=1927-0321|doi-access=free}}</ref> The growth of the internet, mobile technologies, and inexpensive computing devices have led to a rise in capabilities but also to the risk to environments that are deemed as vital to operations. All critical targeted environments are susceptible to compromise and this has led to a series of proactive studies on how to migrate the risk by taking into consideration motivations by these types of actors. Several stark differences exist between the hacker motivation and that of [[nation state]] actors seeking to attack based on an ideological preference.<ref>{{cite journal |last1=Chermick |first1=Steven |last2=Freilich |first2=Joshua |last3=Holt |first3=Thomas |title=Exploring the Subculture of Ideologically Motivated Cyber-Attackers |journal=Journal of Contemporary Criminal Justice |date= April 2017 |volume=33 |issue=3 |pages=212–233 |doi=10.1177/1043986217699100|s2cid=152277480 }}</ref>

A key aspect of threat modeling for any system is identifying the motivations behind potential attacks and the individuals or groups likely to carry them out. The level and detail of security measures will differ based on the specific system being protected. For instance, a home personal computer, a bank, and a classified military network each face distinct threats, despite using similar underlying technologies.<ref>{{Cite book|last=Anderson|first=Ross |title=Security engineering: a guide to building dependable distributed systems|date=2020|isbn=978-1-119-64281-7|edition=3rd | publisher=John Wiley & Sons|location=Indianapolis, IN|oclc=1224516855}}</ref>