What Actually Happens During a Cyber Attack

Step-by-step: how attackers move, think, and strike

Hello Fellow,

You know how cyber attacks look in the films? Some genius hacker in a hoodie, furiously typing in a dark room.

But real attacks are perhaps depressingly predictable. They follow the same playbook every single time.

Once you understand the pattern, everything changes. Fear turns into strategy and panic turns into preparation.

Today's breakdown:

  • The five stages nearly every attack follows

  • Why the early signs feel invisible

  • How to interrupt attacks before damage happens

The Five Stages Every Attacker Uses

Stage 1: Recon

The attack starts before anyone touches your systems. Attackers watch, scroll through company websites, check LinkedIn profiles, map out your tech stack and hunt for the weakest link.

Think of it like walking around a house checking which window is unlocked. You will never know this stage is happening.

Stage 2: Initial Entry

This is usually embarrassingly easy. Not because attackers are brilliant, but because humans are predictable.

A phishing email from "your boss". Passwords like "Summer2024!". That urgent update prompt. Someone simply hands them the keys.

Stage 3: Privilege Escalation

At this stage they are in, but they can't do much yet. The initial access gets them some low-level account that can barely see anything interesting.

So they move sideways, looking for admin accounts, shared folders and old credentials nobody bothered to remove.

This is how a tiny breach becomes a serious incident.

Stage 4: Action

Finally, they do what they came to do.

That means stealing data, encrypting files for ransom, shutting down services and using your systems to attack others.

This is usually when organisations first notice something is wrong, even though the attacker might have been inside for weeks.

Stage 5: Exit and Cover

Professional attackers clean up: they wipe logs, delete footprints and leave backdoors for next time.

By the time teams investigate, the attacker is long gone.

What This Means for You

Cyber attacks aren't sudden explosions. They unfold in predictable stages, and each stage gives you a chance to stop them.

Most attacks die in Stage 1 or 2. They never make headlines because someone simply didn't fall for it.

The boring basics work:

  • Pause before clicking anything urgent

  • Use unique passwords everywhere

  • Enable multi-factor authentication

  • Install security updates promptly

  • Question anything that feels off

These small actions stop most real-world attacks.

What Smart PMs Build In

Great project managers map controls to each attack stage.

Phishing training interrupts Stage 2. Access reviews catch Stage 3 before escalation happens. Logs and alerts flag unusual behaviour early.

They run tabletop exercises too. Not "if we get attacked someday" planning. More like "it's Thursday, we just discovered an attacker in our systems, what happens in the next hour?"

Hoping you'll never get attacked isn't a strategy. It's just hope.

A Real Scenario

Monday morning. Everyone receives an email from "IT" asking them to verify credentials through a link.

Wrong move: Click. Enter username and password. Nothing happens. Move on.

Right move: Check the sender address carefully. Hover over the link without clicking. Notice the dodgy domain. Call IT directly. Report it regardless.

Two minutes of caution stops an attack at Stage 2.

Cyber attacks aren't magic; they are just steps in a sequence. Once you understand the steps, you stop fearing the unknown and start building defences that actually work.

P.S. Share this with someone who thinks hacking looks like the films. Understanding reality is the first step to staying safe.

Next week: What challenge are you facing? Tell us, and we'll tackle it in next week's issue.
