ADVANCED PERSISTENT THREAT (APT)
“Cyber attackers have grown increasingly sophisticated . . . We [are now seeing] organized criminals and nation-states that leverage sophisticated tools and inherent vulnerabilities in technology to gain long-term footholds on systems – this is commonly referred to now as Advanced Persistent Threat, APT.
The APT attackers are pros . . .
[I]f they target a system they will invariably compromise, or ‘breach’ it.”
- ISA President Larry Clinton’s February 8, 2012 testimony before the House Energy and Commerce Subcommittee on Communications and Technology (click here for full testimony)
Calendar year 2010 consisted of 415,600 minutes.
On average, during every one of these minutes:
- 45 new viruses were created,
- 200 new malicious web sites went up,
- 180 personal identities were stolen,
- 5,000 new examples of malware were created
- $2 million dollars of corporate revenue were lost
ISA realizes that the cyber threat is constantly evolving and that this growing threat demands a dynamic and flexible system to address it.
One of the relatively recent developments has been the realization of the so-called Advanced Persistent Threat (APT), which refers to the paradigmatic change we have seen in the nature of the cyber threats over the past several years.
Based on the real-world experiences of its member companies, ISA has long proposed creative methods to address the threat such as a novel information sharing structure proposed in 2008 and a new publication on adapting the techniques used by larger companies to fight these ultra sophisticated threats for smaller companies on a cost-sensitive basis.
Indeed, in just the last 2 years, these types of attacks, which had previously been used against nation-states and defense establishments, have now become common throughout industry; the APT now more closely approximates the “Average” Persistent Threat – and the average enterprise is going to have to learn how to protect itself from this new and different form of cyber threat.
The Internet Security Alliance Board is populated by a number of firms that have been dealing with these more sophisticated attacks for a number of years. Beginning in 2011, ISA began leveraging the expertise of our Board firms to develop a program and a set of best practices that can be utilized to mitigate against APT-style attacks.
In collaboration with ISA Board member the National Association of Manufacturers, a series of focus groups were held to field test the applicability of these cost-effective mitigation strategies for the small and medium-size enterprise space. Such work then resulted in the publication of ISA’s booklet “The Advanced Persistent Threat: Practical Controls That Small and Medium-Sized Business Leaders Should Consider Implementing.”
POLICY MAKER EDUCATION
ISA also has attempted to aggressively educate policy makers as to the evolution of the cyber threat and proposed detailed public policy alternatives to the static regulatory proposals that had been popularized in recent years in the U.S. Senate.