Incident Response — Cyberattack lifecycle.

When we encounter the term “cyberattack”, what scenario comes to our mind? Maybe because we are contaminated with hacking films, especially for those who have not encountered a real cyberattack, will think there will be a popup saying “your computer has been hacked” with the green-ish theme color and a kind of alarm sound effect.

Image by Darwin Laganzon from Pixabay

err, actually if you are facing a ransomware attack, there will be a dramatic one actually with a padlock that says “you are hacked” or “your data has been encrypted” or something.

So, my point is, most of the attacks may not be dramatic. Because the more noise the hacker creates, the easier for you to respond (unless the noise is for distraction). If the main point is to exfiltrate data from your organization’s machines, well, maybe it will be really soft and undetectable by bare eyes.

The cyberattack itself has a life-cycle. This is important for you to know because incident response MUST BE ACTIVATED AS SOON AS POSSIBLE before the attack goes into the further phase. The deeper the phase, the more the organization loss will occur. You will encounter several lifecycles on the internet, but from my perspective, 2 images stand out more than the others.

Image 1 — Cybersecurity Lifecycles
Image 2 — Cybersecurity Lifecycles (2)

The explanation is as follow, I use image 1 as the baseline for the explanation and try to correlate image 2 accordingly:

The scheme may seem overwhelming. However, this also brings us great news. As you see, the process to gain the attacker’s objective is a long journey. We can stop the attack by disconnecting the phase. The sooner we detect and respond, the easier the attack to be handled. From the incident response perspective, it does not have to be a major incident for the incident response procedure to be executed. Knowing this lifecycle will help the organization to make the incident response more mature and minimize any potential loss caused by the incident.

That wraps it all for the cyberattack lifecycle. By knowing this, we can see the incident does not always have to be a major where a significant loss occurs but rather it can be handled from the beginning of the phase to minimize or even “prevent” the loss to be happening.

A humble learner of everything around IT especially in IT implementation, governance, risk management, and cybersecurity.