Advanced Persistent Threats (APT)

Advanced persistent threat (APT) is the description applied to the coordinated cyber activities of sophisticated criminals and state-level entities. APTs target large corporations and foreign governments, with the objective of stealing information or compromising information systems.

An APT is not usually deployed to bring down a business, but to stay embedded within its systems and extract information at a slow and undetected pace.

On this page you will learn how APTs work and how to protect your organisation from them.

What does 'advanced persistent threat' (APT) mean?

Advanced: APTs involve groups of attackers often working with governments and commercial entities. These groups are able to combine multiple targeting methods with a range of tools, technologies and techniques to reach, compromise, and maintain access to a target. Such groups usually have advanced technology skills, state protection, and a wide range of channels through which they can mount their attacks.

Persistent: APTs use a ‘low and slow’ approach, rather than a barrage of constant attacks and malware updates. The long-term access to a target provided by APTs can be far more beneficial to the attacker, so remaining undetected is crucial to success.

Threat: APTs are skilled, motivated, organised and well-funded. They are executed by coordinated humans, rather than by mindless and automated pieces of code.

While nearly any large organisation possessing intellectual property or valuable customer information is susceptible to targeted attacks, APTs are aimed at a much smaller range of targets – usually specific organisations.

Since any organisation could be the object of a highly advanced, long-term, and large-scale targeted attack, you can better defend your organisation if you have a better understanding of APTs.

Types of APTs

APTs usually breach organisations through a wide variety of vectors (a path or means by which a hacker can gain access), even in the presence of properly designed cyber security strategies, such as:

• Internet-based malware infection, for example:
  • Links in emails
  • File sharing
  • Email attachments
  • Phishing
• Physical malware infection, for example:
  • Infected USBs, CDs and DVDs
• Other means of external exploitation and intrusion, for example:
  • Hacking
  • Rogue Wi-Fi penetration
  • Zero-day exploitation

 

Effective Cyber Security

As part of its responsibility for minimising risk and maximising business opportunities and ROI, an organisation’s leadership needs to make cyber security a top priority.

Effective cyber security depends on coordinated and integrated preparations for rebuffing, responding to and recovering from a range of possible attacks. There is no single standalone solution for cyber crime or for APTs. By their very nature APTs are designed to evade standard security controls.

Solutions for effective cyber security

Penetration testing

Penetration testing involves the simulation of a malicious attack on an organisation’s information security arrangements, often using a combination of manual and automatic methods and tools.

Regular vulnerability scans and penetration testing should be a fundamental part of any organisation’s monthly and quarterly security reviews. These tests ensure that you can identify and fix vulnerabilities and security holes as quickly as possible, and that your cyber controls are working as effectively as they need to.

Cyber health check

Health checks offer a snapshot of an organisation’s cyber security posture, and consist of a blend of on-site consultancy, audit, remote vulnerability assessments and staff surveys to identify current cyber risk exposure.

Cyber security and ISO 27001

Cyber security standards are an important element in building strong, resilient information and communications infrastructure.

The best way to protect your organisation from cyber attacks is to align your information security management system (ISMS) with ISO 27001 – the international standard for information security.

ISO 27001 is the most significant international best-practice standard available to any organisation that wants an intelligently organised and structured framework for tackling its cyber risks.

Our ISO 27001 Packaged Solutions provide everything you need to implement ISO 27001 without any of the usual associated complexities and costs.

Cyber resilience

Cyber resilience (combining cyber security and business resilience to ensure that an organisation's systems and processes are resilient to outside attack or natural disaster) is a key principle underpinning ISO 27001.

Incident response is one aspect of business resilience, and ISO 27035 is the best-practice standard for information security incident management.

Business continuity for information and communications systems is even more fundamental to cyber survival.

ISO 27031 now provides detailed and valuable guidance on how this critical aspect of business resilience should be tackled.

ISO 27031 is also capable of working within a broader enterprise-wide business continuity management system, such as that specified in the business continuity management system standard, ISO 22301, and should form part of every organisation's planning for cyber resilience.

Cyber security toolkits

Toolkits provide the tools and resources you need to implement your own cyber security project and align your business with ISO 27001.

The ISO 27001 Cyber Security Toolkit provides the means to develop an effective information security management system (ISMS) and combat cyber threats.