Spring World 2018

Conference & Exhibit

Attend The #1 BC/DR Event!

Spring Journal

Volume 31, Issue 1

Full Contents Now Available!

Thursday, 01 March 2018 15:14

Building a Kill Chain to Boost Your IT Security

When hackers try to penetrate your databases and IT infrastructure (or perpetrate any other cybercrime), they often plan a sequence of steps to get what they want. Individual steps may seem innocent or meaningless.

Linked one to the other, however, they are the stepping stones that take the hackers to their target. Lockheed Corporation coined the term “kill chain” to describe this sequence.

Once you know kill chains exist and see how cybercriminals plan them, you can get ahead of the curve by following kill chains yourself and breaking the links in as many places as possible. Here’s an example.

Social engineering is a common tactic of attackers. Phishing emails are often effective for this. Here are kill chain steps and possible blocking moves (in parentheses like this) for a phishing email attack supposedly bringing information about “New Employee Stock Option Rules.”