One of the most popular models for analyzing cyberattacks doesn’t focus enough on what to do after adversaries break into networks successfully, which they inevitable will do, Black Hat 2016 attendees were told this week in Las Vegas.
“Every attacker will become an insider if they are persistent enough,” says Sean Malone, a security consultant who spoke at the conference. “We need to operate under a presumption of breach.”
He’s critical of a popular defense scheme called the cyber kill chain that defines seven steps attackers must take in order to succeed: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions and objectives.
