The 5 Phases of Cyber Intrusion

Contrary to popular belief, not all cyber attacks target large businesses. In fact, statistics show that over half of all cyber attacks involve small businesses. As a small business owner, it’s important to understand the five basic phases of cyber intrusion so that you can protect your sensitive data from unauthorized access.

#1) Recon

A typical cyber intrusion begins with recon, or reconnaissance. During this initial phase, the hacker will research the target business’s information technology (IT) infrastructure, paying close attention to its vulnerabilities and cybersecurity measures. Hackers don’t conduct an actual attack during the recon phase. Rather, they use this phase as an opportunity to learn more about the business’s IT infrastructure.

#2) Intrusion

As the name suggests, the intrusion phase occurs when a hacker has successfully accessed the target business’s IT infrastructure. During this phase, the hacker will attempt to conceal himself or herself while venturing through the business’s IT infrastructure in an effort to remain undetected. Like the recon phase, the intrusion phase is designed to probe the IT infrastructure for weaknesses.

#3) Lateral Movement

The third phase in a typical cyber intrusion is lateral movement. During this phase, the hacker will begin to deploy malware on the target business’s IT infrastructure. This may consist of ransomware, spyware, Trojans or other common types of malware. As a result, the lateral movement phase is arguably one of the most critical phases in cyber intrusion. If a hacker is able to reach this phase, he or she could deploy multiple samples of malware on the business’s IT infrastructure.

#4) Data Extraction

After the lateral movement phase, the hacker will begin to extract data from the target business’s IT infrastructure. Also known as the data exfiltration phase, it lives up to its name by involving the theft of sensitive data. The hacker may create copies of sensitive data stored on connected computers, servers or other devices. Alternatively, he or she may simply transmit original files to an off-site server to which the hacker has access. Regardless, the data extraction phase involves the theft of sensitive data.

#5) Clean Up

The fifth and final phase of a typical cyber intrusion is clean up. During this phase, the hacker will attempt to cover his or her digital tracks. Most hackers don’t want to get caught, so they try to eliminate any evidence of their intrusion. This may involve deleting newly created logins as well as Internet Protocol (IP) logs.
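
The clean-up behavior described above leaves a pattern a defender can look for: a login that is created and then deleted a short time later. The following is an added example, not part of the original article, and it assumes Linux-style `useradd`/`userdel` log entries; the sample lines, host name and account names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in Linux auth.log style (not from a real system).
SAMPLE_LOG = """\
2024-03-04T01:12:09 host1 useradd[4121]: new user: name=backup2, UID=1003, GID=1003, home=/home/backup2, shell=/bin/bash
2024-03-04T01:13:40 host1 sshd[4188]: Accepted password for backup2 from 203.0.113.7 port 50122 ssh2
2024-03-04T02:47:55 host1 userdel[4390]: delete user 'backup2'
2024-03-04T09:00:01 host1 useradd[5002]: new user: name=jsmith, UID=1004, GID=1004, home=/home/jsmith, shell=/bin/bash
2024-03-05T03:30:00 host1 userdel[6100]: delete user 'oldtemp'
"""

CREATED = re.compile(r"^(\S+) \S+ useradd\[\d+\]: new user: name=([^,\s]+)")
DELETED = re.compile(r"^(\S+) \S+ userdel\[\d+\]: delete user '([^']+)'")

def audit_account_churn(log_text, max_lifetime=timedelta(hours=24)):
    """Return (short_lived, orphan_deletes).

    short_lived: (name, created, deleted) for accounts removed within
    max_lifetime of their creation.
    orphan_deletes: names deleted with no creation entry in this log, which
    means the account predates the log or its creation record is missing.
    """
    created, short_lived, orphan_deletes = {}, [], []
    for line in log_text.splitlines():
        m = CREATED.match(line)
        if m:
            created[m.group(2)] = datetime.fromisoformat(m.group(1))
            continue
        m = DELETED.match(line)
        if not m:
            continue  # unrelated entry, e.g. an sshd login line
        name, died = m.group(2), datetime.fromisoformat(m.group(1))
        born = created.pop(name, None)
        if born is None:
            orphan_deletes.append(name)
        elif died - born <= max_lifetime:
            short_lived.append((name, born, died))
    return short_lived, orphan_deletes

if __name__ == "__main__":
    short_lived, orphans = audit_account_churn(SAMPLE_LOG)
    for name, born, died in short_lived:
        print(f"short-lived account {name}: created {born}, deleted {died}")
    for name in orphans:
        print(f"deleted without a creation record: {name}")
```

Because the clean-up phase targets logs on the affected machine, a check like this is most useful when run against a copy of the logs that was forwarded to a separate system.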