The need for speed – the cyber kill chain

Parent Page Home
Parent Page News & Reports
Parent Page Spotlight On Cyber and Technology Risks 2024
The need for speed – the cyber kill chain

The Need for Speed

Firms need to respond to new cyber threats fast

Long gone are the days of hackers breaking into networks with the aim of defacing websites. The mindset of hackers has evolved.

With both nation states and hacking groups instigating attacks, the speed and sophistication of the cyber ‘kill chain’ means all businesses are at risk of an attack. To counter this threat, firms need to respond to new threats fast.

State sponsored hackers tend to target networks and third party technology suppliers often seeking to gain access to national infrastructure or other critical supply chains.

Hacking groups follow in the wake of these attacks, harnessing the malicious code used in state sponsored attacks, which is often available within hours on the dark web, to launch attacks on businesses that are often unaware that a new threat has emerged. Hackers then look for the weakest link in the chain, having honed their hacking skills to reduce data exfiltration timescales, in some cases to a matter of hours.
Despite the cyber threat continuing to develop and grow, our data shows that global business leaders’ concern about cyber risk has consistently dropped year on year since we started our Risk & Resilience survey in 2021. The percentage of business leaders citing cyber as their biggest threat has fallen from 34% in 2021,iv to 26% in 2024.vii Yet, the tactics employed by hackers are constantly evolving, to such an extent that breaches are becoming increasingly difficult to prevent for businesses without adequate protection.
“A web of specialised hackers operating in individual areas of a cyber kill chain is more effective than hackers working across the full chain, and leaves businesses vulnerable to a wider pool of threat actors.”

Bob Wice
Head of Underwriting Management - Cyber Risks

The battle against digital threats

Understanding the cyber kill chain and defending against digital threats means understanding the hacker mindset and their tactics. Historically, it would not be uncommon for a hacking group to be involved in every stage of the kill chain, from writing the code and programs used to break into a network to the exfiltration of stolen data.

With the sophistication of the kill chain, the need for hackers to be involved throughout the chain has been reduced, allowing them to specialise, and today there are hackers who specialise in infiltrating networks, known as initial access brokers. These bad actors gain a foothold in networks before selling that access on the dark web. The individuals looking to purchase that access will then steal confidential data such as passwords and credit card details that are also sold on the dark web. Subsequently, a separate hacking group will likely deploy ransomware.

“The cyber kill chain helps us to understand the next step an attacker will take."

Francisco Donoso - Chief Technology Officer, Beazley Security

“Cyber criminals find a weak link with a vendor, and it can create a ripple effect"

Marcello Antonucci - Claims Team Leader, Cyber & Tech Risks

A race against time

Certain businesses in the US, deemed to form part of the country’s critical infrastructure, such as financial services, transportation and energy firms, are legally required by the Cyber Incident Reporting Act to report data breaches to the Cybersecurity and Infrastructure Security Agency within a set timeframe.2

However, if the business has been unable to secure its network before publicly filing a report, it will likely face a further wave of attacks. With a network’s vulnerabilities in the public domain, cyber crime groups can easily retrace the steps of the original hackers to steal sensitive data. As a result, the aftermath of a cyber attack is a race against time for businesses to secure their systems before reporting the attack.

[iv] This figure is based on research undertaken in January and February in 2021 with 1,000 executives of firms based in the UK and US of varying sizes, operating in 10 broad industry sectors with international operations.
[vii] This year’s survey was undertaken between 05.01.2024 and 15.01.2024 with 3,500 executives based in the UK, US, Canada, Singapore, France, Germany and Spain of varying sizes, operating in 9 broad industry sectors with international operations.

2- Critical US Companies Legally Required To Report Cyberattacks (tech.co)

The information set forth in this document is intended as general risk management information. It is made available with the understanding that Beazley does not render legal services or advice. It should not be construed or relied upon as legal advice and is not intended as a substitute for consultation with counsel. Although reasonable care has been taken in preparing the information set forth in this document, Beazley accepts no responsibility for any errors it may contain or for any losses allegedly attributable to this information. BZ CBR 119.

Firms need to respond to new cyber threats fast

“A web of specialised hackers operating in individual areas of a cyber kill chain is more effective than hackers working across the full chain, and leaves businesses vulnerable to a wider pool of threat actors.”

“The cyber kill chain helps us to understand the next step an attacker will take."

“Cyber criminals find a weak link with a vendor, and it can create a ripple effect"

A race against time

Contact us

BROKERS AREA

CLIENT AREA