CIO: 5 tips for defending against advanced persistent threats

/Home/Internet Security: Articles/Internet Security: CIO/CIO: 2016

APTs are increasing in occurrence and severity, as are the costs associated with protecting businesses adequately from. Is your organization prepared to do battle against an APT? You better be.

By Ed Tittel and Kim Lindros
Apr 26, 2016

The aptly named advanced persistent threat (APT) is a type of network attack in which an attacker selects a specific target, uses social engineering and advanced technologies to break into a network and then focuses on that target for weeks, months or years until the attack has successfully played out (or been thwarted). Once inside a network, the attacker's goal is to remain undetected while using some type of malware to capture confidential information, which is ultimately sent to a different location for analysis and then sold on the black market.

APTs are highly organized, sometimes with a complete staff, and have plenty of monetary and technological resources. Although APTs may use common hacker tools, they more often employ sophisticated, customized software that's less likely to be picked up by a security protection system. Types of APTs or delivery mechanisms include zero-day attacks, phishing, advanced malware and a variety of Web compromises.

This article looks at five ways to protect an organization's assets from APTs. All are important.

Click the URL above to read the full article