
The War on APTs: Will We Ever Win?

The group agreed from the start that the single biggest threat to any InfoSec professional in any industry is the Advanced Persistent Threat (APT). The attacks are relentless, targeted, covert, and very focused. Attackers base them on company intelligence and on your users' behavior and patterns, to the point that it is difficult to discern whether incoming data or emails are legitimate or a concealed threat. One group member offered up a Verizon study statistic: traditional defense mechanisms are less than 10% effective with APTs on the prowl. Those within this group advised that organizations should adopt a mindset of always assuming a breach is underway, in order to stay diligent against the company's adversaries.

Furthermore, the discussion revealed that the security landscape has evolved significantly enough that protecting the overall network is no longer the priority. Instead, securing the data within your network takes precedence. Once your data is tightly secured, resources can be used to minimize the attack surfaces within the network. It’s important to seek out technology that helps you protect your endpoints, but more importantly, an enterprise must have processes in place that its people will follow. No matter how advanced your technology and programs, your people must have processes that are well practiced and maintained so they are consistently aware of what is happening within the company environment.

Last, the group introduced the topic of crisis management, which they specifically differentiated from incident management. While incident management is a day-to-day issue for the IT team, when a breach happens, you have authorities, customers, partners, media, and more coming to all levels of the company asking questions. Everyone in the company must be on the same page in order to handle the issue calmly and know how to respond. Adversaries have become so sophisticated that they may know your network more intimately than you do when they unleash the attack. The group agreed that you should never underestimate APTs, because they do not underestimate you.