Identify personnel with an authority/privilege
|Identify personnel with an authority/privilege|
|Tactic||People Information Gathering|
Personnel internally to a company may have non-electronic specialized access, authorities, or privilege that make them an attractive target for an adversary. One example of this is an individual with financial authority to authorize large transactions. An adversary who compromises this individual might be able to subvert large dollar transfers.1
Difficulty for the Adversary
Easy for the Adversary (Yes/No): No
Explanation: Requires an adversary to undergo an intensive research process. It is resource intensive or requires special data access. May be easier for certain specialty use cases.
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: The layers of data required and potential gaps of information to map a specific person to an authority or privilege on a network requires access to resources that may not tip off a defender.