Page 38 - cdm-2014
Introduction
Advanced Persistent Threat: It’s a term few were familiar with just a few years ago, but now it
appears in headlines and is a topic of conversation in the mainstream media. Recent attacks on
Target, Michaels and Yahoo show how easy it is for adversaries to set their sights on a target,
compromise its networks and steal important information.
It’s only a matter of time before more organizations experience similar attacks. Why? Because
hackers only need to exploit one vulnerability, while defenders need to cover all of them. It
typically takes just a single user unknowingly clicking on a link, and the hacker is in. In addition,
hackers spend 100 percent of their time focused on accomplishing their mission, while most IT
and security teams are tasked with multiple competing priorities beyond defending the network.
Once these sophisticated attackers gain entry, the damage can be extensive.
The “Verizon 2013 Data Breach Investigations Report” (VDBIR) found that in 66 percent of
cases the breach wasn’t discovered for months or even years. During that time critical data and
assets are at risk. How quickly and effectively an organization responds has significant financial
and legal implications, not to mention the impact on reputation and stakeholder trust.
Organizations can’t expect to never get hacked. But they can expect to improve their response
and mitigate the impact of attacks now and in the future.
This paper will recommend five steps organizations should take once they’ve been hacked. But
in order to understand the basis for these recommendations, it is important to get a deeper
understanding of the nature of these attacks.
A Closer Look at Advanced Persistent Threats
The term Advanced Persistent Threat, or APT, has been used loosely to describe everything
from an isolated virus to a state-sponsored cyber-attack. Research from Enterprise Strategy
Group finds that 59 percent of enterprise organizations are certain or fairly certain they’ve been
the target of an APT. And with APTs now using mobile devices as an entry point for attacks,
according to the Ponemon Institute’s “2014 State of Endpoint Risk” study, clearly defining what an
APT is, in order to understand how to detect and remove it, is critical.
APTs have three major distinctions from other attacks. First, they are advanced. These are well-
funded, complicated and highly coordinated attacks that use sophisticated methods to penetrate