Seemant Sehgal, CISA, CISM, BS7799 LI, CCNA, CEH, CIW Security Analyst, SABSA
Advanced persistent threats (APTs) are a hot topic in the security arena today. There are a number of definitions and methods of identifying an APT. Some define it by the extent to which it can be pinned to certain attack vectors, while others map it to the complexity of the attack or the time it takes to complete. The term “targeted attacks” is the latest buzzword, gradually taking center stage as a new breed of cyberthreats emerges.
So how can one devise an effective strategy to combat such threats? Well, to do so, it is important to understand the implications of the words “advanced” and “targeted” in the cybersecurity context. Think of the example of a pickpocket looking for a prospective victim. A thief will skip stealing from targets when they are vigilant and instead look for someone whose guard is down. In other words, the attacker will go for the “low-hanging fruit” to find a way in.
Applying this scenario to the context of cyberthreats, the best strategy to combat an APT is to keep an eye on low-hanging fruit in your security ecosystem. Low-hanging fruit in this context represents the easiest vulnerability for threat agents to exploit and reach their target. It is important to remember that low-hanging fruit is not a static concept when it comes to cybersecurity. The moment you take the most obvious vulnerability out of the equation, attackers are going to take the next easiest route. As a result, the best combat strategy is for an enterprise to stay situationally aware of the lowest-hanging fruit it is offering to an attacker.
From a more global perspective, threats are targeted at a generic profile. Hence, for a threat to impact the values you have at risk, 2 conditions need to be met. First, the target profile must match the ecosystem that you present to the attacker. Second, your organization must be more easily exploitable than your next best competitor or another target presenting the same value to an attacker. If you want to make sure that your organization does not meet these criteria, the best strategy is to be situationally aware of the ecosystem your enterprise is a part of and ensure that you stay ahead of other similar organizations.
However, when it comes to targeted attacks, the environment the enterprise is a part of does not matter. If the threat agents are motivated and committed to taking aim at you, they will. As with APTs, the best strategy to mitigate these targeted threats is to ensure that you are situationally aware of and continuously engaged in removing the low-hanging fruit from your security ecosystem. This way, you offer more complexity to an attacker and you have a better chance of combating targeted attacks.
Read Seemant Sehgal’s recent Journal article:
“Effective Cyberthreat Management Evolution and Beyond,” ISACA Journal, volume 1, 2015.