This talk considers what a new SaaS cyber kill chain looks like for modern organizations that are fully SaaS native without any concept of an internal network, and the surprising number of attacks that are possible without touching company owned endpoints or infrastructure.

Once upon a time, we thought of cyber attacks in terms of recon, port scanning, enumeration, vulnerability identification and exploitation and we had various approaches we would use to frustrate attackers at every phase.

As the cat and mouse game of security continued, this eventually morphed into an endpoint compromise focused process involving initial access, exploitation, persistence, command and control and lateral movement inside a complex internal network. But with the remote working and SaaS revolution, the way organizations work has changed radically – so what does the cyber kill chain look like now?