The More You Know: Get the Skills to Kill the Cyber Kill Chain
By – Aamir Lakhani, Cybersecurity Researcher for Fortinet’s FortiGuard Labs

Dubai, United Arab Emirates

Narrow job titles are fading into the distance, and employers are looking for candidates with a wide variety of skills to join most fields. As in any industry, the more you know, the more attractive you will be for a role in cybersecurity. Amassing a breadth of security, cloud, and networking knowledge will help your chances of being a top candidate and help you execute in the long run as you combat all kinds of present-day and future attacks.

The recent convergence of networking and security calls for convergence in skills. Before the surge in digital transformation, OT and IT were separate, independent networks. OT systems were considered relatively safe from outside threats because they weren’t connected to the internet. But as digital innovation continues, OT networks have converged with IT networks to reduce costs, increase productivity, and gain market share. Now all networks are suddenly exposed to the entire threat landscape. And a lot of threats mean we need a lot of different specialties. Unfortunately, as technology advances, so do cybercriminals.
The Cyber Kill Chain

There are many threats out there coming from all sorts of areas, and combatting each kind requires specific skills. If we look at the seven steps of the cyber kill chain – reconnaissance, weaponization, delivery, exploitation, installation, command and control, actions – we can shine the light on the processes and use that as a roadmap to see what kinds of skills we need to develop to thwart each step.
1. Reconnaissance involves things like harvesting email addresses and compiling information. The skills needed to foil this step are just fundamental cybersecurity hygiene, such as recognizing phishing emails. Anyone can learn them at any age or stage in their career.
2. Weaponization uses that information to embed malware into a document, for example, or host the malware on a compromised domain. This is the stage when the attacker is creating the attack, and there are few security controls, even security awareness, that can have an impact at this stage.
3. Delivery sends out the attack via email attachments and websites to transmit the malware to the victim’s targeted environment. This is the step where people, not technology, can stop the attack in its tracks. Organization-wide training on what to look for can help employees obtain the skills needed to halt the delivery of an attack.
4. Exploitation targets an application or operating system vulnerability. This is the step when the attack is “detonated.” This is where we have trained IT personnel tasked with ensuring the systems are up to date and have an antivirus installed. They also ensure that all sensitive data is secured.
5. Installation is when the attacker installs the malware on the victim. This step goes beyond the “human firewall” and requires trained staff to keep the system secure and look for abnormal behavior.
6. Command and control is when the attacker has control of the machine. Malware is not often automated, so this stage happens manually. This step occurs once a system is already compromised or infected. This is why “hunting” is a popular tactic – the hunters are looking for abnormal outbound activities.
7. Actions on the objective of data exfiltration involve collecting, encrypting, and extracting information from the victim environment. Once the attacker has access and control inside an organization, they can execute on their objectives.
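As an added illustration (not from the original article), the "hunting" described for stages 6 and 7 can be turned into simple detection logic: regular, low-jitter outbound check-ins to the same destination are a beaconing signature, and an unusually large outbound transfer is a candidate for exfiltration. The log format, hosts and thresholds below are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of outbound firewall/proxy records (not real traffic):
# "<timestamp> <src_ip> <dst_host> <bytes_out>"
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.0.0.5 updates.example.com 1200
2024-03-01T10:00:05 10.0.0.7 cdn.example.net 88000
2024-03-01T10:05:00 10.0.0.5 updates.example.com 1190
2024-03-01T10:10:01 10.0.0.5 updates.example.com 1210
2024-03-01T10:15:00 10.0.0.5 updates.example.com 1205
2024-03-01T10:20:00 10.0.0.5 updates.example.com 1195
2024-03-01T10:31:00 10.0.0.7 cdn.example.net 91000
2024-03-01T11:02:00 10.0.0.9 share.example.org 950000000
2024-03-01T14:40:00 10.0.0.7 cdn.example.net 87000
"""

def parse(log):
    """Parse the constructed log lines into (time, src, dst, bytes) tuples."""
    rows = []
    for line in log.splitlines():
        ts, src, dst, nbytes = line.split()
        rows.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return rows

def hunt(log, min_hits=4, max_jitter=0.05, exfil_bytes=500_000_000):
    """Return findings tagged with the kill chain stage they may indicate."""
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in parse(log):
        by_pair[(src, dst)].append((ts, nbytes))
    findings = []
    for (src, dst), events in by_pair.items():
        times = sorted(t for t, _ in events)
        # Stage 6: enough check-ins whose spacing barely varies (low
        # coefficient of variation) looks like an automated beacon.
        if len(times) >= min_hits:
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
                findings.append(("6 command and control", src, dst, round(mean(gaps))))
        # Stage 7: total outbound volume to one destination above a
        # site-specific threshold is worth a look as possible exfiltration.
        total = sum(n for _, n in events)
        if total >= exfil_bytes:
            findings.append(("7 actions on objectives", src, dst, total))
    return findings
```

The thresholds are placeholders; in practice they are tuned per environment and the hits are triaged against known-good destinations before anyone is paged.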
Knowing the cyber kill chain stages and their inherent outcomes is a first step in combatting cybercrime. Cybersecurity is all about learning how to adapt and be flexible, as things are constantly changing, and awareness training can be hugely beneficial.
Be Aware

There are many free training programs out there to get started. The Fortinet NSE Certification Program prepares professionals for a career in cybersecurity and trains you on multiple Fortinet products. (It’s best to get various vendor training to become familiar with other cybersecurity products as well.) Non-vendor training and penetration testing (also called “pen testing” or “ethical hacking”) can also be interesting and educational. Concentrate on ethical hacking techniques to understand the mindset and tactics of cyber adversaries, but also find training and information on:
- Incident response forensics
- Coding techniques
- Logging techniques
- Network engineering
- Threat intelligence
And instead of just focusing on one area of expertise, essential technical skills to develop include:
The Fortinet NSE Training Institute helps develop career pathways and supports more than 300 academic institutes across 80 countries with programs for all levels. It encompasses the Certification Program, the Fortinet Security Academy Program, and the Veterans Program, all designed to help shrink the cybersecurity skills gap and kill the cyber kill chain. Fortinet also offers education pathways to develop security operations, Security-Driven Networking, Adaptive Cloud Security, and Zero Trust Access.
Any career can be fulfilling if you are doing something you love. Just getting a job and punching a clock day-to-day is not sustainable nor fulfilling. Along with developing a diverse skill set, bring forward your innate talents, problem-solving skills, an inquiring mind, tenacity. And you have to be flexible and willing to adapt along with the landscape, all the while being humble enough to admit that there will always be more things to learn.