The cyber kill chain models the process that attackers go through to achieve their ultimate goal of data exfiltration or system compromise. The seven stages of the cyber kill chain are as follows: (1) reconnaissance, (2) weaponization, (3) delivery, (4) exploitation, (5) installation, (6) command and control, and (7) actions on objectives. By focusing on prevention and detection at earlier stages in the chain, an organization can reduce the potential for damage. The further along the chain that an attack progresses, the greater the damage is likely to be.
The cyber kill chain, a concept originally developed by Lockheed Martin, is widely used by security analysts to understand what attackers might be doing. Proportionate security controls (people, process, and technology) can be applied to address each stage, taking into consideration an organization's risk appetite. The lower the risk appetite, the more stringent the security controls.
Some of today's more sophisticated cyberattacks successfully compress the early stages (1 through 5) of the cyber kill chain by exploiting known vulnerabilities. There are security controls that can be applied – irrespective of risk appetite – to address known vulnerabilities. Dealing with the problems a security analyst already knows about sounds basic to many, but it remains a continuing challenge for organizations. The volume of vulnerabilities, the complexity of systems, and serious staff shortages are all significant contributors to this challenge.
Addressing known vulnerabilities includes having an established process for identifying them (using scanning) as well as remediating them via activities such as patching; both are security controls covering technology and process. Technology vendors regularly provide notifications of vulnerabilities, along with a patch. Prioritizing the application of patches is essential, as not every vulnerability will require immediate remediation. Instead, patches for the most critical vulnerabilities in the most widely used applications, systems, equipment, and devices should be applied soonest. Increased automation in today's security technology helps support remediation prioritization, and autonomous systems are frequently used for patching at scale.
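The prioritization step described above can be made concrete with a small scoring routine. The following is an added example, not code from the original briefing: it ranks constructed scan findings by severity, by how widely the affected software is deployed in the estate, and by internet exposure, then separates findings that have a vendor patch (to be scheduled) from those that do not (to be mitigated another way). The vulnerability identifiers, weights, and asset counts are all invented for illustration.

```python
from dataclasses import dataclass

# Hypothetical weights for the severity a vendor advisory assigns (constructed).
SEVERITY_WEIGHT = {"critical": 10, "high": 7, "medium": 4, "low": 1}


@dataclass
class Finding:
    """One scanner finding, aggregated across the estate (constructed shape)."""
    vuln_id: str          # placeholder identifier, not a real CVE
    severity: str         # one of SEVERITY_WEIGHT's keys
    affected_assets: int  # how many hosts the scanner found it on
    patch_available: bool # vendor has shipped a fix
    internet_exposed: bool  # at least one affected host is reachable from the internet


def priority_score(finding: Finding, total_assets: int) -> float:
    """Higher score = patch sooner. Combines severity, prevalence and exposure."""
    base = SEVERITY_WEIGHT[finding.severity]
    # Prevalence in [0, 1]: how much of the estate is affected.
    prevalence = finding.affected_assets / total_assets
    # Internet-facing hosts sit at the delivery/exploitation stages of the chain,
    # so weight them up.
    exposure = 1.5 if finding.internet_exposed else 1.0
    return round(base * (1 + prevalence) * exposure, 2)


def prioritize(findings: list[Finding], total_assets: int) -> list[tuple[str, float]]:
    """Return (vuln_id, score) pairs, highest priority first."""
    ranked = sorted(findings, key=lambda f: priority_score(f, total_assets), reverse=True)
    return [(f.vuln_id, priority_score(f, total_assets)) for f in ranked]


def remediation_plan(findings: list[Finding], total_assets: int) -> dict[str, list[str]]:
    """Split the ranked list into 'patch' (fix available) and 'mitigate' (no fix yet)."""
    scores = {f.vuln_id: priority_score(f, total_assets) for f in findings}
    ordered = sorted(findings, key=lambda f: scores[f.vuln_id], reverse=True)
    plan = {"patch": [], "mitigate": []}
    for f in ordered:
        plan["patch" if f.patch_available else "mitigate"].append(f.vuln_id)
    return plan


# Constructed sample: a 200-host estate with four aggregated findings.
TOTAL_ASSETS = 200
SAMPLE_FINDINGS = [
    Finding("VULN-A", "critical", 20, True, True),    # few hosts, but critical and exposed
    Finding("VULN-B", "high", 180, True, False),      # nearly the whole estate
    Finding("VULN-C", "medium", 200, False, True),    # everywhere, exposed, no patch yet
    Finding("VULN-D", "low", 10, True, False),
]

if __name__ == "__main__":
    for vuln_id, score in prioritize(SAMPLE_FINDINGS, TOTAL_ASSETS):
        print(f"{vuln_id}: {score}")
    print(remediation_plan(SAMPLE_FINDINGS, TOTAL_ASSETS))
```

The point of the split is that a finding without a patch still needs an owner and a compensating control; dropping it from the patch queue must not mean dropping it from the plan.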
There are no shortcuts to addressing software vulnerabilities, but the timely patching of software, systems, equipment, and devices can go a long way towards thwarting attackers in their efforts to progress through the cyber kill chain.
Straight Talk is a weekly briefing from the desk of the Chief Research Officer. To receive this newsletter by email, please contact us.