Advanced persistent threats: What you need to know
- 27 June, 2012 11:40
Continuing Computerworld Australia’s recent series examining security threats, this week we talk to experts about the problem of advanced persistent threats (APTs).
An APT, according to Symantec, is a cyber attack targeted at an organisation to steal data, especially intellectual property.
For example, in March 2011 US security vendor RSA was targeted by an APT, attributed to an undisclosed nation state, that exfiltrated information relating to its SecurID two-factor authentication tokens.
These tokens, issued as hardware key fobs or as software on personal computers, USB devices and phones, generate one-time codes that companies require in addition to a username and password when staff log in to applications or networks.
The information taken from RSA was later used in an attempt to infiltrate US defence contractor Lockheed Martin, which was forced to suspend remote access to its virtual private network (VPN) after attackers compromised SecurID tokens.
Extent of the threat
According to Gartner US research director, Lawrence Pingree, an APT can take any electronic information from an infected computer. For example, the APT might be used for intellectual property leakage, credential gathering, destruction of data or even to manipulate industrial control systems.
“It basically depends on what the breached system’s function is within a corporation or government,” he says.
Prime targets for APT attacks include government departments, government contractors such as research and development organisations, and financial services entities, because these organisations often hold the most attractive data, says Pingree. “This data includes fraud, intelligence and intellectual property,” he says.
However, he warns that more organisations face the threat of an APT as people become more reliant on computer resources. “Hacktivists change this game considerably since they don’t choose based on target data so much as their politics and ideals,” Pingree says.
Addressing APTs
More than a year on from the APT which led to the worldwide replacement of SecurID tokens, RSA Australia and New Zealand general manager, Shaun McLagan, says the company learnt a number of lessons from the attack including the importance of having an incident response capability and security plans that are documented and tested.
“Companies need to make sure that security is addressed all the way up to the board level and continues to evolve,” he says. “Vigilance on identifying key assets and protecting those [assets] is critically important.”
According to McLagan, RSA’s A/NZ customers are more willing to discuss the threat of compromises following the APT incident.
“The idea that there is a network with a perimeter has gone,” he says. “Now that customers are trying to deal with these APTs, they are looking for guidelines.” For example, McLagan says companies should educate users within the business, work out which security best practices apply to them and what support they need to build a risk management strategy.
“This strategy should be risk based, contextual and agile,” he says.
Gartner’s Pingree adds that APTs require an advanced persistent security program to address the threats.
“What this means is running a security program where you continually evaluate the security technology you have deployed and make sure it is enforced and updated to the latest technological advancements,” he says.
“Technologies are being changed to address the latest threats, so organisations need to adopt this technology and strategy to remain effective against the adversary.”
Follow Hamish Barwick on Twitter: @HamishBarwick