Analyze business processes

Business processes, such as who typically communicates with who, or what the supply chain is for a particular part, provide opportunities for social engineering or other [1]

ID: T1301
Sub-techniques:  No sub-techniques
Tactic: Organizational Weakness Identification
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Social engineering and other attempts to learn about business practices and processes would not immediately be associated with an impending cyber event.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: To get any kind of fidelity into business processes would require insider access. Basic processes could be mapped, but understanding where in the organization these processes take place and who to target during any given phase of the process would generally be difficult.


  1. Warwick Ashford. (2015, March). Cyber crime: What every business needs to know. Retrieved March 6, 2017.