Initial access is exactly what it sounds like, with an attacker first asking contact with your organization. If your security mechanisms recognize and properly respond to the attack at this stage, then the rest of the matrix is simply interesting reading. If not ...
The initial access stage can take many forms, from a spear-phishing link, to a malicious thumb drive found in a parking lot, to a trusted, authorized user who turns evil. In every form, though, a failure of human behavior, IT process, or security mechanism enables the attack to proceed.
While most attacks commonly at this stage, it is not necessarily the only way. As we walk across the horizontal axis of the ATT&CK matrix, we'll see classes of attack that begin further across the process in an attempt to slide beneath the radar of most security products.
(Image: Africa Studio VIA SHUTTERSTOCK)