
What are APTs and how can businesses protect themselves?

Cybercrimes are not only occurring with mounting frequency in today’s wireless world, but they are also becoming increasingly sophisticated and widespread.

Just recently UK telecommunications, internet access and mobile network services company TalkTalk was the latest in a long line of brands to face media scrutiny after its website was breached by a significant and sustained cyber-attack, where credit card, bank account details, names, addresses, dates of birth, email addresses and telephone numbers could all have been accessed.

With a criminal investigation now underway, it is not yet known what the nature of the attack was, although early insight suggests that it may have been a distributed denial of service (DDoS) attack, where a website is hit by waves of traffic so intense that it cannot cope. However, a second school of thought believes that the DDoS attack may have been a smokescreen to distract the organisation’s defence team whilst the cyber criminals set in practice their real objective of stealing data.

Should the second school of thought be accurate, this may even have been an Advanced Persistent Threat (APT). What sets Advanced Persistent Threats (APTs) apart is the nature and scope of the attack: they stealthily exploit vulnerabilities over a period of time. Gartner puts it simply: “‘Advanced’ means it gets through your existing defences. ‘Persistent’ means it succeeds in hiding from your existing level of detection. ‘Threat’ means it causes you harm.” Once inside the network, APTs move around surreptitiously, seeking out sensitive data rather than disrupting systems and raising red flags. These attacks are well coordinated and have very specific objectives that target key users within the organisation to gain access to high-value information – be it top-secret military or government documents, trade secrets, blueprints, intellectual property, source code and other confidential information. The worst part is that no organisation, irrespective of size or type, is immune to these attacks.

Whether it turns out to be DDoS, APT or another means of cyber-attack, the bottom line is clear: many of today’s businesses are relying on basic security defences such as firewalls, anti-virus and anti-spyware that were conceived years ago, yet are now expected to deal with APTs and other modern means of attack. This means it is only a matter of time before our traditional cyber security systems are faced with the next generation of attacks, and it is unlikely that they will succeed. It is now imperative to develop a layered security approach that strengthens the security arsenal with 360-degree visibility into all corners of the network.

Forewarned is Forearmed – Key Elements to APT Defence

Unfortunately, there is no magic wand to combat APTs. The stealthy and random nature of APTs makes it a daunting task to predict attacks. Daunting, but not impossible. The time has come for organisations to move beyond a perimeter-based ideology to a more comprehensive, multi-layer security approach that ensures continual protection even in the case of a breach. The critical elements of a successful APT defence lie in an intelligent combination of defence, analytics and a proactive incident response plan.

  1. Know what to protect

The first step in any APT defence strategy is knowing what assets to protect. Once this data is sorted and classified, it provides a bird’s-eye view of the pieces of your infrastructure across storage, security and accessibility, spanning all devices and endpoints.

  2. Assess your security loopholes

The next step is to identify and categorise the most-at-risk information systems and high-liability assets that link back to critical data. Assessing these systems enables an organisation to prioritise protection and remedial plans against potential vulnerabilities. It is especially important that risk assessment is an ongoing process, to keep abreast of the ever-evolving threat landscape.

  3. Shore up monitoring and detection capabilities

Comprehensive monitoring of all inbound, outbound and internal network traffic is imperative to contain the scope and impact of a potential attack. Additionally, advanced detection and real-time analytic tools, used in conjunction with traditional security solutions, enable organisations to identify malicious activities as and when they occur. A truly effective solution lies in the ability to differentiate normal from anomalous traffic patterns or activities generated by any IP-based device that connects to the network. By applying threat intelligence through analytics, these real-time insights allow for immediate isolation and remediation to stop the attack in its early stages.

  4. An informed user is a safe user

Because APTs are often delivered in the form of phishing emails, employees are the most susceptible targets. It does not take much to trigger malicious code through an enticing link or attached file. Security education and training make employees aware of the potential security pitfalls of BYOD and cloud services. It also places some level of responsibility on the employees themselves to ensure that sensitive data remains secure.

  5. Put an APT incident response plan in place

It is absolutely vital for an organisation to have a carefully crafted and up-to-date incident response plan in place. It helps guide the organisation in quickly identifying, responding to and controlling a potential breach. This is what ultimately determines the effectiveness of the organisation’s response to an attack.

Staying Ahead of the APT Curve

The complex nature of APTs poses huge challenges to our standard security defence systems. On the flip side, they provide a much-needed impetus to reassess frameworks and adopt solutions that are scalable enough to protect the entire organisation. This latest attack against TalkTalk’s website is a huge wake-up call to the business community at large about the perils of delaying positive action against cybercrime.

It is not easy to secure your business against every type of attack, but the fact remains that a multi-pronged and layered approach to security is no longer an option but a must-have. If you need convincing, you only have to look at the huge financial and reputational losses that will ensue for TalkTalk.

Isaac George, SVP & Regional Head of Happiest Minds UK
