Analyze business processes

Business processes, such as who typically communicates with who, or what the supply chain is for a particular part, provide opportunities for social engineering or other [1]

ID: T1301

Tactic: Organizational Weakness Identification

Version: 1.0

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Social engineering and other attempts to learn about business practices and processes would not immediately be associated with an impending cyber event.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: To get any kind of fidelity into business processes would require insider access. Basic processes could be mapped, but understanding where in the organization these processes take place and who to target during any given phase of the process would generally be difficult.

References

  1. Warwick Ashford. (2015, March). Cyber crime: What every business needs to know. Retrieved March 6, 2017.