Security of an organization's network and data is of nearly constant concern to our clients. Today we want to share some recommendations around a specific type of security threat, the Advanced Persistent Threat, or APT.
What is an Advanced Persistent Threat?
This is a security attack in which an unauthorized person gains access to a network and remains undetected for a long period of time. Unlike some other types of security threats, the intention of an APT attack is to steal important data rather than cause damage to the network.
How APTs work
These threats are advanced because they involve gathering data about users within the network – often executives or other employees – and then using that information to develop a customized attack to breach the network. Quite often, the infiltration is achieved through a malware infection via email, instant message or download. Once the attacker has gained entry into the network, they leverage a range of approaches to further infect, locate, and steal valuable data.
Safeguarding against APT attacks
Because each APT attack is specially tailored to its target, there is no one-size-fits-all approach to safeguarding against this threat. Rather, we recommend a comprehensive security strategy that is under continuous evaluation and adaptation:
- Audit current security controls – Take a look at what devices, tools, and protocols are already in place and examine how they are being used and monitored, their effectiveness, and any threats that have been identified.
- Perform regular, on-time, and consistent security patching – Ensure all security patches are installed and systems are as up-to-date as possible.
- Implement a security analytics tool – Enable a quick response and prompt mitigation of attacks by continuously monitoring for and identifying APT activity as it occurs.
- Identify top priority data – APT attacks target sensitive and proprietary data that is most valuable to an organization. Spending some time identifying what data falls into this category and where it resides allows an organization to put additional safeguards around its most at-risk data.
- Implement a multi-level security program – Single layers of authentication are not enough to stop determined attackers. Multiple layers must be employed to defend against today’s attacks and those that have yet to appear.
- Conduct security awareness training – Many organizations fail to properly communicate to employees the urgency of data security and their role in protecting the company against attacks. APT attacks in particular depend upon the poor security habits of users to gain entry to their target. Regular training on best practices and possible threats will turn employees from potential points of weakness into guardians of your company’s network.
Remember, the greatest security dangers come from complacency – when an organization puts static measures in place and then derives a false sense of security, believing their threats will remain unchanged moving forward.