Cyber Kill Chain Investigation & Assessment


The term “cyber kill chain” refers to the structure, process and methodology of an intrusion into a computer network or system by means of a cyber attack:

  • target identification – who/what/where?
  • force dispatch to target – mission in motion / move into position
  • decision and order to attack target – strike
  • destruction or elimination of target
  • report

Phases in a ‘typical cyber kill chain’:

Why do we need to understand the nature of a cyber kill chain?

Once you have documented and really understood how a cyber attack, data breach or ransomware attack happened, you can develop tools and strategies to limit breaches, respond to cyber attacks, and minimize risks. If you don’t know exactly what is happening, your counter-measures will be of little effect against a trained attacker.

During each phase of an attack, there are specific defensive measures that can be taken.