the anatomy of a data breach

Upload: david-hunt

Post on 16-Apr-2017


TRANSCRIPT

Cyber attackers do considerable research on your company.

Isn’t it time you return the favor, and find out what makes them tick before a data breach occurs?

It’s time for a quick anatomy lesson to strengthen your cyber security program...

In a standard data breach, the type that occurs between 80 and 90 million times per year*, there are roughly 6 essential steps, each of which will be outlined in the following slides.

*Data Source: welivesecurity

Active/Passive External Reconnaissance

Step 1

There are a number of tools that cyber attackers use to learn about your network - before they ever launch a threat.

During a passive recon exercise, attackers use tools such as Netcraft to learn about a site’s web server, IP addresses and the date last changed.

Active recon is riskier and requires an active connection between the attacker and the target.

Tools such as Nmap enable attackers to view your site’s open ports and the specific details about your operating system.

Social Engineering and Phishing: Gaining Access

Step 2

52% of cyber attacks occur because of human error*

*Data Source: SC Magazine

Cyber attackers exploit these weaknesses using social engineering to trick people into breaking standard security protocols.

One of the most common social engineering attacks is phishing.

Attackers set up legitimate-looking emails or websites that deceive users into clicking on malicious links, which create a door for attackers to walk through.

Internal Reconnaissance: Always Learning More

Step 3

When attackers gain access to a user’s workspace, they immediately start studying the surrounding environment.

The most valuable data isn’t usually on a user endpoint; attackers must dig deeper to find what they’re looking for.

Moving Laterally: Getting Closer to the Goal

Step 4

After studying the surrounding workstations, attackers move laterally throughout the network.

Lateral movement requires that attackers compromise more user domains and escalate privileges as the target server comes into view.

This step is repeated until the attacker reaches the end goal.

Hitting the Jackpot

Step 5

Many companies leave their core servers insufficiently protected, thinking that their perimeter measures will keep attackers out.

Lateral movement continues until attackers reach the server containing the sensitive data they’ve been searching for.

Exfiltration: Getting Out Alive

Step 6

This is when attackers have reached their end goal, and suddenly they’re on a time clock... one that’s getting shorter now as the white hats get smarter.

They need to copy sensitive data, and send it off to an external command and control server as quickly as possible.

The longer attackers spend in the network, the greater their risk of detection.

Preventing the Next Data Breach: Get Out Ahead of Your Enemy

By implementing deception technology and understanding the steps leading up to a data breach, you can be proactive in your cyber security measures.