Attackers can teach you to defend your organization against phishing

People click on links and attachments and will, unfortunately, keep clicking even if they should know better. They’ll click for the chance of winning a holiday, or even something as cheap as a $2 cup of coffee.



No amount of awareness training is going to eliminate every click. However, you can always raise the cost for attackers and reduce the chances they’ll reach their objectives. You can do this by building a path of maximum resistance, and that begins by considering how an attacker sees your company.


Getting into the mind of a criminal preparing to craft a phishing attack is easier when you consider the classic Cyber Kill Chain developed by Lockheed Martin, which we’ve adapted to the following eight steps:


External reconnaissance
Delivery
Code execution
Persistence
Command and control
Internal reconnaissance
Lateral movement
Objective

Using the kill chain to assess how an attacker would approach your organization makes it easier to understand which steps, at a minimum, any attacker would need to take to succeed in a phishing attack against your company. You can then build preventative or detective controls to counter those steps every chance you get.


Phishing is usually thought of as only occurring during the “delivery” phase of an attack. In reality, a successful phishing attack requires success during the first four stages, providing you with opportunities to prevent, detect, and respond before the attacker has an opportunity to establish a foothold.


Here’s a look at how attackers see the first four stages, and practical steps you can take now to stop criminals from getting thei ..