Infosecurity webinar, 15 June 2015
The term ‘advanced persistent threat’ has been used (and perhaps abused) by information security vendors and professionals for years, but has the information security industry reached an accurate consensus on what an APT actually is, and how to manage one?
Steve Bailey, Cyber Security lead at PA Consulting Group’s 7Safe practice, gave his views on APTs as a member of a panel of industry experts moderated by Stephen Pritchard of Infosecurity Magazine.
You can hear the full panel discussion, which defines the term and questions whether APTs are overhyped, or indeed under-managed, and what you should do about them, by following this link:
Steve defined APTs as “a good old-fashioned targeted attack” that is responsive to the organisation’s systems and gently probes for data. The key is that an APT is persistent in that the attackers have a clear goal. They are focussed on obtaining the data that is of interest to their controllers and will continue to search for this and download it until their mission is complete or until they are detected.
Steve talked about the People risk factors that open up systems to a persistent attack of this nature. The point being that when staff open unexpected and/or suspicious attachments or follow links without questioning the security implications, they make it easier for attackers – both skilled and un-skilled. Likewise, social engineering attacks are made much easier if the people answering the phone give away confidential information that can help the attacker to target the right people and systems.
Whilst APTs will succeed eventually and can’t be prevented entirely, this does not mean that we should neglect basic measures: defending against APTs is not impossible in some threat scenarios.
To keep advanced threats to a minimum, we need to start with a foundation level of cyber security – a baseline of defences. If we can keep attackers out in this way, they are more likely to turn their attention to softer targets. However, prevention alone, including measures beyond the network boundary such as encryption, will never be enough. Rather, we need to respond to attacks in a calm and measured way, applying a strategic approach that includes ‘People, Process and Technology’.
Polls conducted during the webinar showed that 35% of respondents believed that APTs were over-hyped, while 59% said they were not. 58% said that the biggest threat comes from cyber criminals, 9% hacktivists and 32% APTs. Interestingly, 22% said that their organization had experienced an APT, 43% said not, and 35% thought that they may have been attacked but had no way to confirm this.
The panel concluded by agreeing that the entry level for APTs will come down and more people will adopt advanced hacking techniques, especially since lower level attacks have now been automated. Hackers have time to try sophisticated attacks that had previously been confined to military experts.