Skip to main content

Mapping Cyber Attacks to Maslow's Hierarchy | Optiv

March 16, 2015

Maslow’s hierarchy of needs is basically a theory that aims to understand what motivates people, represented as a pyramid that maps the different levels of needs. At the lowest level are the basic human needs that are required to function. As those needs are met, individuals move up the hierarchy to fulfill deeper and more complex needs. 

The other day, in my organizational development class, we discussed the hierarchy and how it applies to all different contexts. I thought it would be interesting to understand how different threat actors’ motivations mapped to the model. As I started to map them out, I found that it was pretty easy to do – the key is simply to figure out what drives each form of attack.

At the most basic level you have critical infrastructure attacks, where the motivation would be to deny the victims access to electricity, water, and other public infrastructure. As you move up the pyramid the attacks are aimed at safety needs; hacking traffic systems to disrupt public safety or committing insider fraud for monetary needs.

The next level up is psychological needs. These needs are driven by a desire for love, belonging and esteem. Attacks that fit into this category would be cyber stalking, cyber bullying and hacktivists committing attacks driven by their beliefs. 

At the top of the pyramid are self-fulfillment needs, where the attacker recognizes their full potential. These are the most sophisticated types of attacks where hackers leverage their talents as a business. They work as contractors and subcontractors or even go on their own and hack organizations to better their life and well-being. In short it is their career just like the careers each of us have. We strive for new tips, tricks, and even challenges or methods to operate more effectively. The attacks they perform are at the highest challenge level and are focused on taking IP and information organizations use as competitive advantages or to progress their business and other initiatives.

Understanding an attacker’s motive gives your organization insight into what they are after. And the more you understand what drives them, the more effective your security strategy will be. Please share your thoughts in the comments section below. 

    James Robinson

By: James Robinson

Vice President, Third-Party Risk Management

See More

Related Blogs

November 25, 2014

'Tis the Season for Phishing

It’s that time of year again, the holiday season. A time filled with friends, family, good food, and celebration. But of course it has its downsides a...

See Details

January 19, 2017

Tactics, Techniques and Procedures (TTPs) Within Cyber Threat Intelligence

TTPs is a great acronym that many are starting to hear about within cyber security teams but few know and understand how to use it properly within a c...

See Details

May 17, 2017

Ransomware Kill Chain and Controls - Part 2: Once the Crying is Over, the Controls Must Kick In

In the first part of the blog series, we alluded to the impending danger of ransomware campaigns. It appears the concerns were justified, given the si...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

November 12, 2014

Empowering the CISO

A security-focused business culture can empower the CISO to effectively perform their job, and allow them to become a respected member of the “C” leve...

See Details

October 13, 2014

Addressing Insider Cybercrime | Optiv

In a previous blog post, I discussed what triggers insider threat within an organization. Understanding these threats is important so that your organi...

See Details

July 29, 2016

2016 Cyber Threat Intelligence

Learn how Optiv’s cyber threat intelligence solution helps clients improve their threat response approach.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.