
Advanced Persistent Threats (APT)

Advanced Persistent Threat (APT) refers to the coordinated cyber activities of sophisticated criminal groups and state-level entities. APTs usually target large organizations and governments, with the objective of stealing information or compromising IT systems.

The goal of an APT is not usually to bring down a business, but to stay embedded and to extract information slowly enough to avoid detection. The successful APT is the one you do not know about because it is already inside your network.

This page explains APTs, how they work, and how you can protect your organization from them.

On this page

What is an Advanced Persistent Threat?
21st Century Chinese Cyberwarfare
Effective Cybersecurity
Penetration Testing
Cybersecurity Standards
Cyber Resilience
Cyber Resilience Toolkit

What is an Advanced Persistent Threat?

  • Advanced
    APTs involve groups of attackers working with governments and commercial entities, combining multiple targeting methods and a range of tools, technologies and techniques to reach, compromise and maintain access to a target. Such groups usually have advanced technical skills, state protection and a wide range of channels through which they can mount their attacks.
  • Persistent
    APTs usually employ a "low-and-slow" approach rather than a barrage of constant attacks and malware updates. Long-term access to a target can be of significant benefit to the attacker, so remaining undetected is crucial to their success.
  • Threat
    APT attacks are carried out by skilled, motivated, organized and well-funded actors, through coordinated human action rather than by mindless, automated pieces of code.
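The "low-and-slow" behaviour described above has a recognisable shape in outbound traffic logs: a compromised host checks in with its controller at near-regular intervals, sending small payloads of similar size, whereas human-driven browsing is bursty and irregular. The following Python script is an added example, not part of the original page or of any IT Governance material, showing one way a defender can hunt for that pattern. The log lines, IP addresses, hostnames and thresholds are all constructed for illustration; real logs would need the field layout adjusted and the thresholds tuned against the organization's own baseline.

```python
"""Beacon detection over constructed proxy logs (illustrative example).

Flags (src, dst) pairs whose outbound connections recur at nearly regular
intervals with small, similar payloads: the signature of a "low-and-slow"
implant checking in with its command-and-control server, as opposed to
bursty, irregular human browsing.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample lines (not real traffic): "<ISO timestamp> <src> <dst> <bytes out>".
# 10.0.0.5 -> updates.example-cdn.net checks in every ~15 minutes with ~300 bytes.
# 10.0.0.7 -> news.example.org is a human browsing session: bursty and irregular.
SAMPLE_LOG = """\
2024-03-01T09:00:02Z 10.0.0.5 updates.example-cdn.net 312
2024-03-01T09:15:05Z 10.0.0.5 updates.example-cdn.net 298
2024-03-01T09:30:01Z 10.0.0.5 updates.example-cdn.net 305
2024-03-01T09:45:04Z 10.0.0.5 updates.example-cdn.net 301
2024-03-01T10:00:03Z 10.0.0.5 updates.example-cdn.net 310
2024-03-01T10:15:02Z 10.0.0.5 updates.example-cdn.net 299
2024-03-01T10:30:06Z 10.0.0.5 updates.example-cdn.net 303
2024-03-01T10:45:01Z 10.0.0.5 updates.example-cdn.net 307
2024-03-01T09:01:10Z 10.0.0.7 news.example.org 1540
2024-03-01T09:01:12Z 10.0.0.7 news.example.org 8820
2024-03-01T09:01:13Z 10.0.0.7 news.example.org 450
2024-03-01T09:23:40Z 10.0.0.7 news.example.org 22100
2024-03-01T09:23:41Z 10.0.0.7 news.example.org 610
2024-03-01T11:58:07Z 10.0.0.7 news.example.org 3300
2024-03-01T11:58:09Z 10.0.0.7 news.example.org 970
2024-03-01T11:59:30Z 10.0.0.7 news.example.org 12040
"""


def parse_log(text):
    """Return {(src, dst): [(timestamp, bytes_out), ...]} with events sorted by time."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        flows[(src, dst)].append((when, int(nbytes)))
    for events in flows.values():
        events.sort()
    return flows


def beacon_score(events):
    """Describe how beacon-like a sorted list of (timestamp, bytes) is.

    Returns the number of connections, the mean gap between them in seconds,
    and the coefficient of variation (stdev / mean) of the gaps and of the
    payload sizes. Regular timing and uniform sizes give a CV near 0;
    human-driven traffic is bursty and gives a large CV.
    """
    if len(events) < 3:
        return None  # too few connections to say anything about periodicity
    gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
    sizes = [n for _, n in events]
    gap_mean = mean(gaps)
    size_mean = mean(sizes)
    return {
        "count": len(events),
        "mean_gap_s": gap_mean,
        "gap_cv": pstdev(gaps) / gap_mean if gap_mean else float("inf"),
        "size_cv": pstdev(sizes) / size_mean if size_mean else float("inf"),
    }


def find_beacons(flows, min_count=6, min_gap_s=60, max_gap_cv=0.1, max_size_cv=0.25):
    """Return the (src, dst) pairs whose traffic looks like periodic check-ins.

    The thresholds are illustrative assumptions, not tuned values: enough
    connections to measure periodicity, gaps long enough to be "slow" rather
    than a download, and low jitter in both timing and payload size.
    """
    hits = []
    for pair, events in flows.items():
        score = beacon_score(events)
        if score is None:
            continue
        if (score["count"] >= min_count
                and score["mean_gap_s"] >= min_gap_s
                and score["gap_cv"] <= max_gap_cv
                and score["size_cv"] <= max_size_cv):
            hits.append(pair)
    return sorted(hits)


if __name__ == "__main__":
    for src, dst in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible beacon: {src} -> {dst}")
```

On the constructed data only the 10.0.0.5 pair is flagged: its gaps are all within a few seconds of 900 and its payloads within a few percent of 300 bytes, while the browsing session has gaps ranging from one second to over two hours. In practice an implant may add jitter to its sleep interval, so a real deployment would widen `max_gap_cv`, look at longer windows, and combine this with other signals (new or rare destinations, off-hours activity, unusual user agents) rather than relying on timing alone.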

21st Century Chinese Cyberwarfare

A topic that has become increasingly high-profile since 2012 is the threat posed to western organizations (particularly, it seems, those in the US) from cyber criminals based in China.

In February 2013 a report from US security company Mandiant highlighted the volume of attacks apparently originating from the Chinese military, going as far as identifying the specific unit believed to be responsible: PLA Unit 61398. According to the report, the unit had compromised at least 141 Western organizations and stolen hundreds of terabytes of data.

Lieutenant Colonel William Hagestad discusses APTs in detail in his book 21st Century Chinese Cyberwarfare, available from the IT Governance Web Store.

Effective Cybersecurity

Although APTs typically target specific government or private sector organizations, lower-level cyber attacks are more widespread and are initially automated and indiscriminate, meaning that any organization with an internet presence will be scanned and potentially targeted. Vulnerable targets with potentially interesting or valuable data can then be attacked further.

In any organization it is a management responsibility to minimize risk and maximize business opportunities and return on investment. The threat from APTs is such that CEOs in every industry sector should not delay devoting attention and funding to combatting advanced persistent threats. The best approach is to plan and act as though you have already been breached.

Effective cybersecurity depends on coordinated, integrated preparations for rebuffing, responding to, and recovering from, a range of possible attacks. There is no single standalone solution for cybercrime or for APTs; the very nature of an APT is that it is designed to evade standard security controls.

Penetration Testing

Regular penetration testing simulates a malicious attack against the security measures under test, using a combination of methods and tools, and is conducted by a certified, ethical professional tester. The findings provide a basis on which security measures can be improved. Penetration testing cannot prove that a network or application is secure, but it is the most direct way of establishing whether the weaknesses an attacker would exploit are actually present, and whether your existing controls detect and resist a realistic attack.

Find out more about IT Governance's CREST-certified penetration testing services.

Cybersecurity Standards

Cybersecurity standards are an important element in building a strong, resilient information and communications infrastructure. ISO/IEC 27001 is the most widely adopted international best-practice standard for any organization that wants a structured framework for managing its cyber risks. As a specification for an Information Security Management System (ISMS), ISO27001 is clear and precise. Its Annex A also lists a reference set of security controls (133 in the 2005 edition of the standard, reduced to 114 in the 2013 revision) that should be at the heart of any organization's approach to securing its information assets.

Find out more about ISO27001.

Cyber Resilience

The idea of resilience, that an organization's systems and processes should withstand outside attack or natural disaster, is a key principle underpinning ISO27001. Incident response is one aspect of business resilience, and ISO/IEC 27035 is the best-practice standard for information security incident management.

Business continuity for information and communications systems is even more fundamental to cyber survival, and ISO/IEC 27031 now provides detailed and valuable guidance on how this critical aspect of business resilience should be tackled. Also capable of working within a broader enterprise-wide business continuity management system (such as that specified in the new business continuity management system standard ISO22301), ISO27031 should form part of every organization's planning for cyber resilience.

Cyber Resilience Toolkit

The Cyber Resilience Implementation Suite is a bundle of eBooks and documentation toolkits that gives you all the tools you need to develop a cyber resilient system that will both fend off cyber attacks and minimize the damage of any that get through your cyber defenses. It contains: