
What Are APTs and Why Should Your Agency Care?

Aug 25, 2015 7:55:00 AM | Security

Cyber security attacks are in the news every day, but have you heard the term "APT" yet? If not, it's time to review.

What Are They?
An Advanced Persistent Threat (APT) is a type of cyber attack that “(i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives,” according to NIST Special Publication 800-39. And often, an APT’s objective “is to steal data rather than to cause damage,” according to TechTarget.com.

These definitions highlight three key aspects that differentiate APTs from other cyber attack methods: purpose, longevity, and adaptability.

Their purpose, “to steal data rather than to cause damage,” is different from attacks that are designed to cause maximum damage or disruption. Attacks meant to destroy or disrupt are, by nature, more obvious, because destruction involves change, and changes are usually noticeable. But theft of data does not require any change at all: the data stays exactly where it is. It’s just copied. That makes theft much more difficult to identify than destructive attacks.

The second differentiator between APTs and other attacks is that they require time spent within the network in order to work. APT attacks must go undetected long enough to locate, copy, and extract data. But what is a “long” period of time? It depends on the amount and type of data being sought. For example, in the recent OPM hack, attackers possibly required weeks of access to OPM networks in order to retrieve the massive amounts of data stolen. An attack on a smaller, more targeted amount of data might take only a few hours of work by an APT attacker.

Third, and most importantly, APTs are adaptable. If you put up a wall, the APT attacker’s goal is to figure out how to get over or around it. APTs—and the hackers behind them—operate by examining a defense from every angle until a vulnerability is found. That means any security strategy that relies solely on static defenses is more likely to succumb to an attack. Your best bet in warding off APTs is to incorporate responsive security into your environment—essentially fighting adaption with adaption. More on that to come in another blog post.

Why Should My Agency Care?
Your agency should care about Advanced Persistent Threats because they are increasingly responsible for information theft, and they can have potentially disastrous consequences for both the agency hacked and the employees whose information has been compromised.

APTs can be used to steal any kind of information imaginable. They can steal an agency’s sensitive operational details; they can take employees’ personal identifying information (PII), as has already been the case for more than 22 million federal employees via the OPM hack. Therefore, APTs must become a major concern of every agency, and every agency employee, in the federal government.

Steve Koppenhafer
