MITRE ATT&CK Framework: Guiding Organisations Towards a Capable Security Posture

  • QUANTUM SECURITY BLOG

The constant cat-and-mouse chase between enterprises and hackers has become a common sight as organisations worldwide accelerate their digital transformation journeys. Enterprises are struggling to detect and deter cyberattacks that penetrate their security systems. According to the 2020 IBM report, the average time to identify and contain a data breach is an astonishing 280 days, with 80% of the breaches involving customer Personally Identifiable Information (PII). For organisations that store PII in their databases, the need for a well-rounded security solution is more urgent than ever.

In response to the cyberattacks targeting enterprise systems, MITRE’s ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework was founded in 2015 to assist in detecting and countering cyberattacks launched by hackers. The MITRE ATT&CK framework applies to any enterprise that seeks to protect its data from adversaries attempting to breach its defense systems.

This framework’s primary purpose is to describe the actions a hacker may take to compromise and operate within an enterprise network. The framework catalogues the tactics, techniques, and procedures (TTPs) that cyber threat actors use to gain access and carry out their objectives while operating inside an enterprise network. A tactic captures the reason or purpose behind a hacker’s action; for example, the hacker may want to obtain the credentials of the enterprise’s administrator (credential access).

A technique represents how a hacker achieves that tactical goal through a concrete action. For example, a hacker may use the brute force technique to gain access to accounts within the enterprise network. Sub-techniques are more specific descriptions of the hacker’s method, such as password guessing as a form of brute force. Procedures are the specific implementations a hacker uses to carry out a technique or sub-technique. Each technique and sub-technique is accompanied by recommended mitigations and detection guidance to counter these attacks.

The MITRE ATT&CK framework is updated bi-annually and covers enterprise IT systems such as Windows, macOS, and Linux, as well as cloud systems including Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and Software-as-a-Service (SaaS). The framework consists of more than 290 techniques and 12 tactics, and both numbers keep growing as hackers continually find new approaches to attack enterprise systems.

The ATT&CK framework lets enterprises assess their network and defense mechanisms against the hacker tactics and techniques classified by ATT&CK. This helps enterprises track cyberattacks, decipher patterns, and evaluate the effectiveness of the defense mechanisms already in place. As a result, the enterprise can identify gaps in its coverage and implement the mitigations recommended by the ATT&CK framework.
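The following Python script is an added example, not code from the original post or from MITRE. It models the tactic / technique / sub-technique hierarchy described above for one small branch, runs a procedure-level detection (repeated failed SSH logins from one source, the password-guessing sub-technique of brute force) over a constructed sshd-style log, tags the resulting alert with its ATT&CK technique and tactic, and then reports which techniques in that branch have a detection rule and which are gaps, which is the kind of coverage assessment the paragraph above refers to. TA0006, T1110, T1110.001 and T1110.003 are real ATT&CK identifiers (Credential Access, Brute Force, Password Guessing, Password Spraying); the log lines, the rule list, the threshold and every function name are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed subset of the ATT&CK hierarchy used in the post's brute-force example.
# TA0006 / T1110 / T1110.001 / T1110.003 are the real ATT&CK identifiers; the rest of
# the catalogue is omitted here so the coverage report stays readable.
TACTICS = {"TA0006": "Credential Access"}
TECHNIQUES = {
    "T1110": {"name": "Brute Force", "tactic": "TA0006", "parent": None},
    "T1110.001": {"name": "Password Guessing", "tactic": "TA0006", "parent": "T1110"},
    "T1110.003": {"name": "Password Spraying", "tactic": "TA0006", "parent": "T1110"},
}

# Constructed sshd-style auth log (not captured from a real host): one source repeatedly
# guessing admin and root passwords, one legitimate user with a single typo.
SAMPLE_LOG = """\
Jan 10 12:00:01 bastion sshd[2101]: Failed password for invalid user admin from 10.0.0.5 port 50011 ssh2
Jan 10 12:00:02 bastion sshd[2101]: Failed password for invalid user admin from 10.0.0.5 port 50012 ssh2
Jan 10 12:00:03 bastion sshd[2101]: Failed password for root from 10.0.0.5 port 50013 ssh2
Jan 10 12:00:04 bastion sshd[2101]: Failed password for root from 10.0.0.5 port 50014 ssh2
Jan 10 12:00:05 bastion sshd[2101]: Failed password for root from 10.0.0.5 port 50015 ssh2
Jan 10 12:00:06 bastion sshd[2101]: Failed password for root from 10.0.0.5 port 50016 ssh2
Jan 10 12:00:09 bastion sshd[2107]: Accepted password for alice from 10.0.0.7 port 50101 ssh2
Jan 10 12:00:15 bastion sshd[2109]: Failed password for alice from 10.0.0.7 port 50102 ssh2
"""

AUTH_RE = re.compile(
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_auth_events(log_text):
    """Turn raw sshd lines into (result, user, source_ip) tuples; non-auth lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            events.append((m.group("result"), m.group("user"), m.group("src")))
    return events


def detect_password_guessing(log_text, threshold=5):
    """Detection for the T1110.001 procedure 'many failed passwords from one source'.

    Returns one alert per offending source IP, tagged with the ATT&CK technique and the
    tactic it serves, so the alert can be placed on the matrix rather than read in isolation.
    """
    failures = Counter()
    targeted = {}
    for result, user, src in parse_auth_events(log_text):
        if result == "Failed":
            failures[src] += 1
            targeted.setdefault(src, set()).add(user)
    alerts = []
    for src, count in failures.items():
        if count >= threshold:  # assumed threshold; tune to the environment's baseline
            alerts.append({
                "source_ip": src,
                "failed_attempts": count,
                "targeted_users": sorted(targeted[src]),
                "technique": "T1110.001",
                "tactic": TECHNIQUES["T1110.001"]["tactic"],
            })
    return alerts


def coverage_by_tactic(rules, techniques=TECHNIQUES):
    """Map detection rules onto the hierarchy and list, per tactic, covered techniques and gaps.

    Only direct coverage counts: a rule for a sub-technique does not mark its parent technique
    (or sibling sub-techniques) as covered, which is what makes the gaps visible.
    """
    covered = {rule["technique"] for rule in rules}
    report = {}
    for tid, info in techniques.items():
        entry = report.setdefault(info["tactic"], {"covered": [], "gaps": []})
        entry["covered" if tid in covered else "gaps"].append(tid)
    for entry in report.values():
        entry["covered"].sort()
        entry["gaps"].sort()
    return report


if __name__ == "__main__":
    for a in detect_password_guessing(SAMPLE_LOG):
        print(f"{a['technique']} ({TACTICS[a['tactic']]}) from {a['source_ip']}: "
              f"{a['failed_attempts']} failures against {a['targeted_users']}")
    rules = [{"name": "ssh-password-guessing", "technique": "T1110.001"}]  # constructed rule set
    print(coverage_by_tactic(rules))
```

Run it directly to see the single alert from 10.0.0.5 and a coverage report showing T1110.001 covered while T1110 and T1110.003 remain gaps for the Credential Access tactic. The same pattern scales to a real rule set by tagging every detection with its technique ID and loading the full technique list instead of the constructed subset.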

This framework allows enterprises to understand the latest hacking methods and prioritise threats accordingly. It enables cybersecurity professionals to put appropriate mitigation mechanisms in place within the enterprise system. In turn, the framework guides the enterprise in creating a cybersecurity strategy, monitoring new cybersecurity threats, and planning. The MITRE ATT&CK framework is free of charge and accessible to enterprises of any type or size worldwide.

If you are looking for a qualified professional to equip your organisation with MITRE ATT&CK standards, feel free to consult our experts at Quantum. Our experienced CISO will be happy to learn about your requirements and walk you through obtaining one of the most globally accepted cybersecurity frameworks in the world.