Cyber Kill Chain Defined: A Review of Cyber Kill Chain Steps

A cyber kill chain is a series of steps designed to stop a cyberattack.

When reporters cover hacks, they use words like “suddenly” and “surprise.” The event seems to come with no warning, and the damage hits a company out of the blue. 

In reality, a successful hack comes about through a series of predictable, repeatable steps. And some security experts believe that understanding those steps is critical to keeping the next attack from succeeding.

The steps you should know are part of a cyber kill chain. Learn it backwards and forwards, and put in the proper protections at each step, and you could be a hero when the next attack appears.

What Is a Cyber Kill Chain?

Lockheed Martin developed (and trademarked) the concept of the cyber kill chain. But plenty of other companies have embraced the concepts. 

Put a cyber kill chain into practice, and you'll study all of the steps malicious actors take as they gain access and then control of critical systems. You'll begin to think like a hacker, and you'll create countermeasures for the game plan your enemies follow.

The cyber kill chain is often compared to military maneuvers, and that's apt. Your goal with this concept is to anticipate your opponent's every move so you are always ready to respond appropriately. 

In a large company, your enemies could number in the hundreds or even the thousands. And some of them won't be strangers. Former employees with grudges could also try to infiltrate your systems. The more you know about the steps they might take, the better you can prepare.

 

Cyber Kill Chain Steps Explained

The classic sequence described by Lockheed Martin consists of seven steps. You may choose to tinker and add a few of your own. Similarly, you may find that some of these steps just don't apply to your company and your audience. But we'll walk through them one by one to help you get started. 

1. Reconnaissance

A hacker can't just walk into your system and take over. Most rely on in-depth research, carried out long before the attack begins, to understand the systems you use and your vulnerabilities.

A hacker might do this work in two phases.

  • Passive: Sources such as