The Cyber Attack Stages Explained | Board Edition

Within the cyber security industry, there are varying models explaining the stages of a cyber attack. Most rely on extensive knowledge in dealing with IT infrastructures, protocols and cyber security.  The NCSC have created a detailed, yet straightforward, infographic that specifies the 4 steps within a cyber attack. By deconstructing a cyber attack, it is easier to understand the cyber criminals’ approach and allows you to put in place security procedures, protocols or solutions at every stage, which will help safeguard your organisation from cyber attacks and minimise your organisation’s risk.

 

The 4 stages of a cyber attack:

Cyber Security: 4 Stages to a Cyber Attack
Cyber Security: 4 Stages to a Cyber Attack

 

Survey

Did you know that human error was a major contributing cause in 95% of all breaches? (IBM) This is why user education is the first important step in negating a cyber attack.

A few tips regarding the content to consider are; it needs to be engaging, bespoke to your organisation and flexible. Security must be core to the work culture. All members of staff must be awareness trained on the possible threats. Furthermore, testing is key in awareness training. Tests such as phishing simulations allow you to know who requires further training and if your training programme needs revising. To find out more about awareness training, we have written about the topic in more detail here.

Delivery

There are 4 security controls that can minimize the exposure to a successful cyber attack within the ‘delivery’ phase; the 4 controls are network perimeter defences, malware protection, password policy and secure configuration.

Regarding the previous quote from IBM, misconfiguration and password security are two other types of human error. Because the risk of human error is so high, it is critical to lower the risk of these two specific threats. By having a strategy in place for password security, including policies, you can decide which solution is best for your organisation. Password management software is typically used so it can be integrated with browsers and on different devices.

For ‘Secure Configuration’, devices (such as desktops/laptops or mobile devices) should only have essential software or apps installed and these should be kept up to date. Any default user accounts should be removed where possible and any default passwords changed to secure ones. It’s also recommended to disable features such as AutoPlay and AutoRun to prevent malware executing automatically from removable media or disabling the use of removable media altogether.

Breach

The NCSC have highlighted 7 areas to reduce exposure to an attack within the breach stage. The picture below is of the vulnerability management maturity model. This model allows your organisation to compare your current vulnerability management procedures to see where progress can be made.

The Vulnerability Management Maturity Model
The Vulnerability Management Maturity Model

 

The two important aspects I’d like to add more detail to are patch management and monitoring. Patch management is just one entity of vulnerability management, the second is configuration vulnerabilities. The definition of vulnerability management is the process of identifying vulnerabilities that could leave you open to exploits and dealing with them in an effective way. A ‘patch’ from a cyber security standpoint is when hardware or software is updated to fix a vulnerability that has been found within the previous version that the criminals can use to gain access to systems.

The top tier of the maturity scale relies on scanning and prioritisation of threat vectors. CVSS (common vulnerability scoring system) is one example of a metric used to prioritise the severity of a vulnerability.

Moving away from manual procedures, allows your organisation to take an approach focused on threat and risk through ongoing monitoring to see the effectiveness of the vulnerability management strategy in place.

Like monitoring for vulnerability management, monitoring all networks in your security landscape is essential. When criminals breach your systems, they need to stay undetected to carry out their actions. By monitoring systems, suspicious activities can be detected and the entry point can be identified.

Affect

“Organisations should think in terms of ‘when’ rather than ‘if’ they experience a significant cyber incident. So it’s essential to plan your response carefully and to practice (or ‘exercise’) your response.”NCSC

The final stage is ‘controls for The Affect Stage’ where the above quote really emphasises why risk management is crucial from a board level perspective. A cyber attack can disrupt all levels of business operations, take the JBS attack that temporarily shutdown operations in Australia, Canada and the US. Also, Colonial Pipeline who had to shutdown the pipeline that supplies the East Coast with 45% of its fuel. There has to be clear protocols in place in case of a cyber attack that are communicated throughout the company.

Cyber Security Assurance

One of our most popular consultancy services is a Cyber Security Assurance Report which is bespoke to your organisation. We assess existing controls, make immediate security improvements by removing low hanging fruit and produce a roadmap to help you move forward strategically. As an external body, we provide independent assurance in your security practices and the opportunity to have ongoing access to our vSOC Connect platform. With this platform, our customers have full visibility of their cyber risks including security incidents and can monitor all improvements via a single pane of glass.

If you would like further assistance or to find out more about the Cyber Security Assurance Report, please email moreinfo@dataconnect.co.uk.