VLCM Blogs - Learn How To Get IT Right

BE PROACTIVE THROUGHOUT THE CYBER KILL CHAIN

Written by VLCM | Aug 29, 2017 2:17:00 AM

Too often, a company’s approach to cyber security is reactive: the IT support team focuses on vulnerabilities and on improving security systems only after an incident has occurred. This is an ineffective method that leaves the organization susceptible to further attacks.

Taking a proactive, network-wide cyber security approach allows the organization to pull together plans, policies, and tools to better anticipate and prevent cyber attacks, or to mitigate them before damage is done. The first step in putting together a proactive approach is to truly understand the stages of the cyber kill chain.

TIME IS OF THE ESSENCE

According to the 2017 Verizon Data Breach Investigations Report, although it takes only a few minutes for a cyber attack to wreak havoc in a network, it can take months before the attack is discovered, as long as 200 days on average by some estimates. By then, the damage is done, with records compromised or data stolen and being used for financial gain. The time difference between the actual attack and its discovery gives hackers the upper hand.

STEPS OF THE CYBER KILL CHAIN

Hackers tend to follow certain patterns in their attacks. The more you and your IT team know about these patterns, the better your chance of finding threats before they cause damage. The steps of the cyber kill chain include:

  •   Reconnaissance. Hackers take time to learn the landscape and understand their target. They are looking for people likely to fall for a phishing attack, or for the easiest way to spread spoofed messages through a company. The solution: Ensure your email security system is up to date to address the latest threats.

  •   Exploit and enter. As soon as a weak point is discovered, the hackers need to get into the network. This is often done by adding malicious code to a document or website that is downloaded when the unsuspecting victim opens it. If the hacker is able to obtain a user’s privileged access, entering becomes even easier because they can go completely undetected. The solution: Your network security solution should complement your email security; also, a privileged account management solution can distinguish intruders from legitimate users.

  •   Setting up communication. Once inside, with the freedom to move around the network, the hacker is able to establish a communications channel with a command and control server. The solution: Encrypt data in the system.

  •   Sustain position. During this phase, the attacker stays quiet in order to avoid detection until the attack launch is triggered. The solution: Be able to identify and confirm credentials, and check logs to detect any unusual activity.

  •   The takeover. In a ransomware attack, this is the point where the files are encrypted and the ransomware notice is revealed. In a DDoS attack, bandwidth is overloaded, shutting down accessibility. At this stage, the hackers have taken control of the system and are able to do whatever damage they planned to accomplish in the attack. The solution: Have an incident response plan ready to kick into action to mitigate the harm from the attack.

Every network is vulnerable to a cyber attack. How well your organization survives it depends on whether you were proactive or reactive. By understanding the way hackers operate, you can cut off attacks at any point in the cyber kill chain. VLCM, a Fortinet Partner, has the resources and expertise to put a proactive strategy in place.