An illicit, long-term intruder presence in a network may cause irreversible damage to the system, as they may be present in the system for a long time, which facilitates highly sensitive data mining (especially on government, military, and financial networks) in steady, well-researched, and meticulously planned attacks.

Assessing the long-term presence abilities, and the chances of them gaining in-depth access to systems/APIs is the primary intention of this Maintaining Access phase.