Put four CSOs together and sooner or later they’ll start talking about Advanced Persistent Threat (APT). Now imagine the conversation with 20 CSOs together.
I recently hosted a session at a security event at Microsoft, and the two dozen security executives started discussing APT. Each of them had a different description of APT, and opinions ranged from APT being the next frontier of security to it being the next Y2K. Consensus seemed to coalesce around the definition of APT being characterized by a wide spectrum of attacks, targeting of particular goals, persistence in finding ways to sustain the compromise, highly resourced attackers, and intentional rather than opportunistic attacks. Most organizations admitted that they were looking to invest in APT-related programs over the next three years.
While most organizations will continue to struggle with separating the real from the hype surrounding APT, I’d suggest considering the following questions when dipping your toes in the murky APT water:
- How does your organization define APT?
- How does this APT definition differ from traditional threats?
- What are the primary drivers for APT-related programs in your organization?
- How will your current mitigations stand up to your definition of APT?
- How will APT influence your existing Information Security programs?