In today’s threat environment, focusing on prevention alone is no longer a sufficient strategy. In 2016, there were 40% more reported incidents of data breaches compared to 2015. Experts anticipate that the number of incidents will increase further in 2017.
IT managers must acknowledge that a data breach is possible. Understanding how a hacker thinks is critical to being prepared.
Understanding The Cyber Kill Chain
The cyber kill chain (CKC) represents all the steps a hacker has to take to compromise a target. By developing counter strategies for each, organizations have a better chance of preventing a threat from accomplishing its mission.
Here are the 7 steps of the chain:
- Reconnaissance: The threat actor researches potential targets and tactics. The threat actor is searching for a method of attack that is both simple and offers a high probability of success.
- Weaponization/packaging: The threat actor acquires the tools necessary to carry out an attack, such as custom malware. Tools are generally designed to attack a specific target.
- Delivery: The threat is delivered through the chosen mechanism; for example, a phishing email sent to an unsuspecting user.
- Exploitation: Once the threat is successfully delivered, it will attempt to compromise the targeted asset. Typically this process will look to exploit a known system vulnerability.
- Installation: The malicious payload installs itself on the compromised asset and usually opens a channel back to the threat actor or another outside party. It behaves stealthily so that the compromise remains undetected.
- Command and control: Threat actors now control targeted assets and gather data.
- Action on targets: In this final stage, the threat actor steals data, compromises it, or both.
It’s important to note: Hackers don’t necessarily progress along the CKC in a strictly linear fashion. Sophisticated threat actors will go back to earlier steps to conduct additional reconnaissance.
Stopping Hackers In Their Tracks
Fortunately, there are steps organizations can take to defeat a hacker at any link in the CKC.
- Reconnaissance: Use methods such as penetration testing to identify your organization’s vulnerabilities.
- Weaponization: Understand the current threat environment by keeping up to date with threat intelligence.
- Delivery: Deny threat actors access to your environment via firewalls, payload inspection systems and other security technologies.
- Exploitation: Monitor your network. Use network, host and server technologies to detect threats and deny access to your environment.
- Installation: Utilize host-specific methods to detect the installation of malicious threats.
- Command and control: Use network monitoring tools that can detect threat actors’ attempts to access compromised assets from outside of the network.
- Action on targets: Prevent the actor from carrying out the core mission with technologies that can identify unauthorized activities such as next-generation firewalls and intrusion prevention systems.
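As an added illustration that is not part of the original article, the following Python script maps alerts from hypothetical sensors onto the seven stages above and reports, per host, how far the intrusion progressed, at which link a control first broke the chain, and which stages in between raised no alert at all, which is where detection coverage needs attention. The sensor names, hosts and alert data are constructed for the example.

```python
"""Map constructed alerts onto the article's seven kill chain stages and
report, per host, how far the intrusion got, where a control first broke
the chain, and which stages in between went unobserved. Added example:
sensors, hosts and data are constructed, not from any real product."""
from collections import defaultdict

# Stage order as listed in the article.
STAGES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "action_on_targets"]
# Weaponization happens on the attacker's side (the article counters it with
# threat awareness, not a sensor), so it can never appear in our logs.
OBSERVABLE = [s for s in STAGES if s != "weaponization"]
# Hypothetical sensor names mapped to the stage each covers, following the
# article's per-stage defenses (payload inspection -> delivery, host-based
# detection -> installation, outbound network monitoring -> C2, ...).
SOURCE_STAGE = {
    "external_scan_detector": "reconnaissance",
    "mail_gateway": "delivery",
    "network_ids": "exploitation",
    "host_edr": "installation",
    "egress_monitor": "command_and_control",
    "ngfw_ips": "action_on_targets",
}


def chain_report(alerts):
    """alerts: iterable of (host, sensor, blocked) tuples."""
    per_host = defaultdict(list)
    for host, sensor, blocked in alerts:
        per_host[host].append((SOURCE_STAGE[sensor], blocked))
    report = {}
    for host, hits in per_host.items():
        hits.sort(key=lambda h: STAGES.index(h[0]))
        seen = sorted({s for s, _ in hits}, key=STAGES.index)
        first_block = next((s for s, b in hits if b), None)
        # Observable stages between first and last sighting that raised no
        # alert were traversed unseen: detection gaps to close.
        lo, hi = STAGES.index(seen[0]), STAGES.index(seen[-1])
        blind = [s for s in OBSERVABLE
                 if lo < STAGES.index(s) < hi and s not in seen]
        report[host] = {"stages": seen, "furthest": seen[-1],
                        "first_block": first_block, "blind_spots": blind}
    return report


SAMPLE_ALERTS = [                                # constructed sample data
    ("ws-17", "mail_gateway", False),            # phishing mail delivered
    ("ws-17", "egress_monitor", True),           # outbound beacon blocked
    ("srv-03", "external_scan_detector", False), # port scan observed
    ("srv-03", "network_ids", True),             # exploit attempt dropped
]
```

For ws-17 the report shows the chain was only broken at command and control, with exploitation and installation never generating an alert, so the host-level controls the article recommends for those stages deserve a closer look.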