If experiencing a military-grade cyber attack on your business sounds scary, then that’s exactly what Advanced Persistent Threats (APTs) are. This kind of infiltration means attackers get inside your network, gain access to all your sensitive data and wreak havoc on your systems without your knowing it.
APTs fall under the category of cybercrime, and they are aimed directly at businesses and political organizations. Cybercriminals employ careful, methodical stealth to infiltrate a corporation’s network and breach its key systems, and not only for financial gain. Picture a cybercriminal mastermind funding an APT operation against a rival corporation in order to gain the upper hand in market share, or to topple a competitor in preparation for a massive buyout, and you have a typical APT attack scenario.
APTs are considered advanced because their operators make use of the whole gamut of computer intrusion techniques on a larger scale. APT attackers first gain access to your network using legitimate methods, then create a back door, build a bogus infrastructure, install fake utilities and distribute malware within your systems. From online and physical malware infections all the way to external exploitation of networks, APT operators are able to bring in more tools and develop multiple attack systems on the go, all towards the goal of compromising their target: you.
APTs are considered persistent because the attacks continue over a long period of time. Operators monitor your network continuously and take a “low and slow” approach, delivering malware infections on a consistent basis.
APTs are considered a threat because they are well-funded, highly coordinated attacks performed by human operators. These operators do not simply drop automated code into your network; they use highly advanced infiltration skills and technology to carry out a well-organized invasion driven by specific motivations and aimed at specific goals.
APT attacks often make use of insiders within your company and take advantage of “trusted connections” to infect and compromise your digital systems, while staying invisible and undetectable for as long as possible. Even if you are equipped with state-of-the-art computer defense systems, an APT attack may be next to impossible to detect.
Ways to guard against APTs
Assuming your business will be unable to detect an APT attack when it happens, there are still ways you can guard your organization’s network and limit the impact of a massive data breach:
- Evaluate the risk an APT could bring to your organization. What sort of motive would make your business a target? What information in your system would be considered valuable? How vulnerable would your network be if attacked?
- Top executives, especially your Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs), should work hand in hand on a uniform set of anti-APT strategies. They should implement a single-node defense framework.
- Run an APT Security Assessment on your entire network to detect even the slightest hint of an APT presence, as well as identify any security gaps you may have.
- Educate and train your employees about APTs to ensure they understand the risk. An alert and aware staff is the first layer of your firewall.
- Update software on a regular basis to limit your risk of attack. Outdated software systems only leave you more exposed.
- Stay current on malware, virus, and other cyber attack methods and follow cyber security news on new threats and trends.
- Install a higher level of online filtering and deep packet inspection for all incoming and outgoing email and other web traffic to detect any changes in pattern.
- Install a data loss prevention system to alert you whenever sensitive or critical data leaves your network.
- Reinforce your authentication systems and tighten your network access control. If you can restrict the number of system logins and increase the number of authentication methods, so much the better.
- Rethink your network protection systems. Systems that only recognize a known signature are useless against this kind of infiltration. Installing a behavior-based security system, however, may do the trick for early APT detection.
- Limit access to social media sites and block access to sites considered to be high-risk.
- If possible, create or run your own instant messenger system that can only connect over the LAN, not over the World Wide Web. This way, communication is limited to your colleagues at work. Free IM apps, such as Skype and Yahoo Messenger, should be prohibited.
- Given the rise of mobile usage among employees, implement a strict “bring your own device” (BYOD) policy: no jailbroken devices, and tougher VPN deployments. Brief your employees on this policy and make sure they understand the risk of bringing their own devices to work. It has been proven that a weak BYOD strategy, especially concerning smartphones and tablets, is a major APT loophole. There are several BYOD policy templates online (Link 1, Link 2 – The White House BYOD Policy, Link 3 and Link 4) you can take a look at; pick the ones you want to use.
- Be aware of your insurance coverage in the event you or your customers become a victim of APTs, and your clients decide to sue you for the breach.
- Exploit the security features and functions of cloud computing and big data to your advantage. Most major cloud providers have the world’s toughest protection against APT attacks.
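The list above contrasts signature-based protection with behavior-based detection, and the “persistent” section describes the “low and slow” pattern of an implant that checks in on a regular schedule. The following is an added example, not code from the original article or from any product it mentions: a toy detector that reads constructed firewall log lines and flags source/destination pairs whose connection intervals are nearly constant (periodic beaconing), while a plain blocklist lookup over the same lines finds nothing. The log format, all hosts and IP addresses, the `KNOWN_BAD` blocklist and the thresholds `min_connections` and `max_cv` are assumptions made for this example.

```python
"""Behavior-based beacon detection over constructed firewall log lines.

Added example (not the article's own code): shows why a periodic
"low and slow" check-in is invisible to signature matching but stands
out to a behavior-based check on connection timing.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log lines: "<timestamp> <src> -> <dst>:<port> <bytes>"
# The host 10.0.0.5 contacts 203.0.113.10 roughly every 30 minutes.
SAMPLE_LOG = """\
2024-03-01T09:00:00 10.0.0.5 -> 203.0.113.10:443 512
2024-03-01T09:00:11 10.0.0.5 -> 198.51.100.20:443 8120
2024-03-01T09:30:02 10.0.0.5 -> 203.0.113.10:443 498
2024-03-01T09:45:40 10.0.0.5 -> 198.51.100.30:80 1200
2024-03-01T10:00:01 10.0.0.5 -> 203.0.113.10:443 520
2024-03-01T10:30:03 10.0.0.5 -> 203.0.113.10:443 505
2024-03-01T10:31:17 10.0.0.5 -> 198.51.100.20:443 3400
2024-03-01T11:00:00 10.0.0.5 -> 203.0.113.10:443 510
2024-03-01T11:30:02 10.0.0.5 -> 203.0.113.10:443 499
2024-03-01T11:44:09 10.0.0.5 -> 198.51.100.20:443 7800
"""

# Constructed signature-style blocklist; the beacon destination is not on it.
KNOWN_BAD = {"192.0.2.99"}


def parse_log(text):
    """Parse the constructed log format into (timestamp, src, dst) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, _arrow, dst_port, _bytes = line.split()
        dst = dst_port.rsplit(":", 1)[0]
        events.append((datetime.fromisoformat(ts), src, dst))
    return events


def signature_hits(events):
    """Signature approach: flag only destinations already on the blocklist."""
    return sorted({dst for _, _, dst in events if dst in KNOWN_BAD})


def beacon_candidates(events, min_connections=5, max_cv=0.1):
    """Behavior approach: flag (src, dst) pairs whose gaps between
    connections are nearly constant, measured by the coefficient of
    variation (standard deviation / mean). A low CV means periodic
    check-ins, regardless of whether the destination is known-bad."""
    by_pair = defaultdict(list)
    for ts, src, dst in events:
        by_pair[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue  # too few observations to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else 0.0
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "count": len(stamps),
                             "period_s": round(avg), "cv": round(cv, 4)})
    return findings


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("signature hits:", signature_hits(evts))
    for finding in beacon_candidates(evts):
        print("beacon-like:", finding)
```

Run against the constructed log, the blocklist lookup returns an empty list while the timing check reports the 30-minute cadence to `203.0.113.10`. In practice the thresholds need tuning per environment, since legitimate software (update checks, monitoring agents) also beacons; the value of the behavior-based approach is that it surfaces candidates for an analyst to triage rather than waiting for a signature that may never exist.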
APTs may still be considered an invisible enemy. However, if you make every effort to guard your network at every angle, and more importantly, know all the angles from which an attack can approach, then you’ll be building a tougher system that is more difficult to crack. You must keep yourself updated, because APTs continue to evolve: new APT attack methods come out every day, each more sophisticated than the last and able to evade the usual APT defenses.
Stay safe!
Photo by Christiaan Colen.