What is the MITRE ATT&CK framework and how can it help your business?


Hackers sit somewhere between masterminds and master criminals, depending on who you ask. There’s a fascination and frustration that surrounds them and how they do their dirty work. 

Ever wanted to get inside the mind of a hacker to help protect your business from threats like malware? The MITRE ATT&CK framework is the perfect place to start. 

What is the MITRE ATT&CK framework?

The MITRE ATT&CK framework is a detailed knowledge base of the tactics cybercriminals use to target victims. Using real-world examples, it shows you how hackers prepare, launch, and execute attacks. 

The framework matrix is split into tactics and techniques. A tactic is a goal the cybercriminal wants to achieve, such as accessing credentials. A technique is the action or actions that achieve the tactical goal, such as brute force. 

It exists to help businesses understand how cybercriminals behave in the preparation and execution of an attack. This helps raise awareness of common threats and how you can detect them in action.

Did you know 47% of SME leaders feel more at risk of cyberattack since the start of the cost of living crisis? Find out why in our latest report.

What does ATT&CK stand for?

ATT&CK is an acronym for adversarial tactics, techniques, and common knowledge. 

A deeper look at the MITRE ATT&CK framework

The framework covers 14 tactics:

  1. Reconnaissance – finding information to plan an attack
  2. Resource development – building resources to support operations
  3. Initial access – entering a network
  4. Execution – running malicious code
  5. Persistence – maintaining network access
  6. Privilege escalation – gaining advanced access permissions
  7. Defence evasion – avoiding detection
  8. Credential access – stealing account information
  9. Discovery – gathering system and network intelligence
  10. Lateral movement – controlling remote systems
  11. Collection – gathering relevant, goal-related information
  12. Command and control – communicating with systems without detection
  13. Exfiltration – stealing network data gathered at the collection stage
  14. Impact – disrupting service availability and data integrity 

Each tactic includes a list of techniques that explain how a hacker achieves their goal, alongside mitigation information, detection tips, and references for further reading. These are updated twice a year from public threat intelligence and incident reporting, so the information stays relevant. 
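The tactic and technique split described above is what lets a security team measure where its detections fall short. The following is an added example, not part of the original article: it uses the 14 tactic names from the list above and real ATT&CK technique IDs, while the detection-rule names and their tags are constructed sample data and `coverage` is a hypothetical helper.

```python
# Added example: tactic names follow the article's list of 14; technique IDs are
# real ATT&CK IDs, but the detection-rule inventory is constructed sample data.
from collections import defaultdict

TACTICS = [
    "Reconnaissance", "Resource development", "Initial access", "Execution",
    "Persistence", "Privilege escalation", "Defence evasion", "Credential access",
    "Discovery", "Lateral movement", "Collection", "Command and control",
    "Exfiltration", "Impact",
]

# Technique ID -> (name, tactics it serves). One technique can serve several tactics.
TECHNIQUES = {
    "T1110": ("Brute Force", ["Credential access"]),
    "T1566": ("Phishing", ["Initial access"]),
    "T1053": ("Scheduled Task/Job", ["Execution", "Persistence", "Privilege escalation"]),
    "T1021": ("Remote Services", ["Lateral movement"]),
    "T1486": ("Data Encrypted for Impact", ["Impact"]),
}

# Constructed inventory: detection rule name -> technique IDs it is tagged with.
RULES = {
    "many-failed-logins": ["T1110"],
    "mail-gateway-link-scan": ["T1566"],
    "new-scheduled-task": ["T1053"],
    "legacy-untagged-rule": [],
    "typo-tagged-rule": ["T9999"],  # unknown ID: reported, not silently ignored
}

def coverage(rules, techniques=TECHNIQUES, tactics=TACTICS):
    """Return (rules per covered tactic, uncovered tactics, badly tagged rules)."""
    per_tactic = defaultdict(set)
    problems = []
    for rule, ids in rules.items():
        known = [t for t in ids if t in techniques]
        if not ids or len(known) != len(ids):
            problems.append(rule)  # no tag at all, or a tag we cannot resolve
        for tid in known:
            for tactic in techniques[tid][1]:
                per_tactic[tactic].add(rule)
    covered = {t: sorted(per_tactic[t]) for t in tactics if per_tactic[t]}
    gaps = [t for t in tactics if t not in covered]
    return covered, gaps, sorted(problems)

if __name__ == "__main__":
    covered, gaps, problems = coverage(RULES)
    for tactic in TACTICS:
        print(f"{tactic:22} {', '.join(covered.get(tactic, [])) or 'NO DETECTION'}")
    print("Rules needing a valid technique tag:", problems)
```

Tactics printed with `NO DETECTION` are the ones where an attack would currently go unnoticed, which is where the framework's detection tips for that tactic are worth reading first.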

It’s suitable for any organisation using:

  • Windows, macOS, or Linux IT systems
  • Network infrastructure devices
  • Container technologies
  • Cloud services such as IaaS, SaaS, Office 365
  • Android and iOS mobile devices

Keeping your organisation secure

The framework is a great resource to include in your cybersecurity strategy. 

It encourages collaboration and information sharing, is easy to follow, and helps you improve your knowledge and cybersecurity posture. It’s also free.

Use it alongside other cyber defence methods to give you broad coverage against common threats, including: 

Active monitoring

Investing in an outsourced security operations centre for 24/7 protection from cyber threats on all devices that access company data.


Using robust antivirus or anti-malware software to prevent, detect, and remove malicious software.

Training and qualifications

Mandatory security training for all employees and qualifications like Cyber Essentials, Cyber Essentials Plus, and ISO 27001.

Get started with the MITRE ATT&CK framework

With such a powerful resource at your fingertips, you’re only going to benefit by including the MITRE ATT&CK framework in your cybersecurity strategy. Share it with your colleagues so you can all play an active role in protecting your organisation from attacks. 
