Advanced persistent threats—commonly known as APTs—are a new class of threats that concern security professionals around the world due to their unique properties. Unlike website defacement for communicating a message or identity theft for financial gain, APTs are designed to “fly under the radar” and exfiltrate information for as long as is needed to achieve a goal.
Not knowing if you have been attacked by an APT is worrisome. Studying the properties of an APT can be even more troubling.
APTs have very specific targets. They do not switch their objective when slowed by strong security architecture. They pursue their target repeatedly—which is where that “persistent” label comes from—using multiple, advanced techniques ranging from direct, zero-day vulnerability exploits to social engineering. APTs study the victim for a long period, employing considerable amounts of resources.
Because APTs “fly under the radar,” organizations can be caught unaware. This was evidenced in a recent global survey, conducted by ISACA and sponsored by Trend Micro, which revealed respondents’ varied answers to this question: Would your enterprise be ready to deal with an APT attack?
Because some survey respondents replied “no,” ISACA addresses the issue of what enterprises can do to protect themselves.
In tandem with the release of COBIT 5 for Information Security, ISACA continued to develop messaging that addressed information security in a holistic manner, correlating business objectives with the security properties of technology, organization, culture, human factors, processes, flexibility and preparation to address new trends.
We believe that the answer to protecting against APTs is the same. Organizations need to establish holistic frameworks and approaches in order to gain a comprehensive understanding of information security in the context of their business environments. Staying informed about new vulnerabilities, threats and protection methods makes information security a continuous effort of fighting attackers rather than a one-time task. We in this field must be as persistent as the threats.
ISACA took the initiative to conduct the global APT survey to gather and then share knowledge with the information security community to trigger discussions and support experts as they find solutions to these new problems.
The results of the survey are interesting. They highlight some of the issues that were recognized during the development of COBIT 5 for Information Security. They also highlight how enterprises are still struggling with issues that ISACA has addressed in past initiatives, such as the establishment of security awareness/education programs within enterprises that are contextualized to those enterprises’ unique needs.
In short, we believe this survey is mandatory reading for anyone affiliated with information security.
Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC
Director of Information Security at RSM Bird Cameron, Australia
Director of ISACA
Christos Dimitriadis, CISA, CISM
Head of Information Security—INTRALOT GROUP, Greece