Inspect, assess and engage: these are some of the cyber kill chain steps, according to Lockheed Martin. Although well-debated, this is the most established process for defining the stages of an attack. To protect your business against potential cyber threats, the first step is understanding the anatomy of a cyber attack and the strategies used by cyber-criminals.
Let’s start with unpacking the cyber kill chain. The first step is reconnaissance, whereby cyber-criminals scope out their victims from afar. Step two is weaponization where the information gathered in step one is exploited via a backdoor and, after breaking into a network, hackers spend time learning about the location of high-value assets and system vulnerabilities.
Step three is delivering the weaponized bundle to the business or consumer through social engineering tactics. The fourth step is exploiting a vulnerability, then step five is installing malware on the computer. Next is gaining control to manipulate the victim and the final step is when the cybercriminals accomplish their goals.
Of course, it’s no secret that the data businesses hold is one of their more valuable possessions. Yet, the Breach Level Index estimates that every day, nearly half a million data records are stolen. That’s a staggeringly large statistic. Enterprises face an agile and committed enemy – and the odds are stacked against them. After all, a hacker just needs one lucky break, but businesses must constantly be vigilant against malware attacks.
What’s more, our recent State of Malware 2019 report found the UK ranks third among the countries with the highest number of business threat detections – with the biggest threat for businesses being information theft. This follows a string of high-profile examples last year, including Superdrug, British Airways and Butlins.
Now with GDPR, regulators can move quickly to take action, making it all the more imperative that companies have the right security arsenal at hand. We also know that once a breach has taken place, it can take on average 82 days to contain, making it hugely time-intensive for IT managers, according to the Ponemon Institute.
It’s not only outsiders that could pose a potential threat. Globally, one in 22 cybersecurity professionals is perceived to be a Grey Hat: someone who participates in criminal activity whilst also working as a legitimate security professional. Worryingly, this statistic jumps to one in three in the UK. Our research also discovered that the proportion of Grey Hats increased with the size of an organization.
How can CISOs protect their organization?
So, if CISOs understand the strategy deployed by a cyber-criminal, does this mean we can beat these ambush predators? Unfortunately not. The truth is that if a cyber-criminal is insistent on hacking your systems, they will eventually get in.
The important piece for businesses to get right is doing as much as they can to protect their systems, but also putting a robust plan in place for when the attack occurs.
Similarly, learning how to manage the problem and understanding how and where it comes from is key. It’s not enough to realize that your company has been breached; you also need to forensically understand the ‘how, when and by who’ in order to ensure your attackers aren’t still capable of infiltrating your system.
A layered approach to security is the safest option, whereby you have a suite of security solutions in place – businesses cannot just rely on a traditional anti-virus. Other newer endpoint protection solutions can help remediate and, in some cases, have a roll-back feature which restores the computer to a pre-attack timeframe.
In addition, it’s important that businesses constantly invest in training their entire workforce, not just on the general health of their technology – such as ensuring they’re updating to the latest software – but also on how to spot malicious-looking emails to prevent any social engineering.
Often the first point of weakness for a business is its people, who, just by clicking on the wrong link, instigate a full-blown data breach. Training shouldn’t be viewed as a one-off box-ticking exercise to later just be forgotten about. Having on-going, regularly updated training sessions will ensure that staff members are aware of the changing threats and how they can best be avoided.
Lastly, this needs to come from the top down. For too long, cybersecurity has been the domain of IT teams. It is now a business-critical issue; therefore, the entire C-suite and the Board of Directors should be leading by example by promoting and practicing a security-first mindset.
Protecting your business from cyber-criminals out there looking to steal, hold ransom and exploit your most prized asset – data – is no simple feat. However, understanding the steps a criminal takes and doing all you can to protect your business from being attacked is paramount.
The best approach for this is employee education and adopting a layered approach to security, alongside preparing for not if, but when, you’re hit by a cyber-attack – these steps will help mitigate the potential damages, both reputational and financial.