Continuing Computerworld Australia’s recent series examining security threats, this week we talk to experts about the problem of advanced persistent threats (APTs).
An APT, according to Symantec, is a cyber attack targeted at an organisation to steal data, especially intellectual property.
For example, US security vendor RSA was targeted by an APT in March 2011 from an undisclosed nation state which took all the information stored on its SecurID tokens.
These tokens are used on personal computers, USB devices and phones within companies to provide an extra layer of security beyond a username and password for people logging into programs or networks.
The information taken from RSA was used in an attempt to infiltrate US defence contractor, Lockheed Martin. The defence contractor was forced to pull access to its private virtual access network after hackers compromised the SecurID token technology.
Extent of the threat
According to Gartner US research director, Lawrence Pingree, an APT can take any electronic information from an infected computer. For example, the APT might be used for intellectual property leakage, credential gathering, destruction of data or even to manipulate industrial control systems.
“It basically depends on what the breached system’s function is within a corporation or government,” he says.
Prime targets for APT attacks include government departments, government contractors ,such as research and development organisations, and financial services entities because these organisations often contain the most attractive data says Pingree.
“This data includes fraud, intelligence and intellectual property,” he says.
However, he warns that more organisations face the threat of an APT as people become more reliant on computer resources. “Hacktivists change this game considerably since they don’t choose based on target data so much as their politics and ideals,” Pingree says.
More than a year on from the APT which led to the worldwide replacement of SecurID tokens, RSA Australia and New Zealand general manager, Shaun McLagan, says the company learnt a number of lessons from the attack including the importance of having an incident response capability and security plans that are documented and tested.
“Companies need to make sure that security is addressed all the way up to the board level and continues to evolve,” he says. “Vigilance on identifying key assets and protecting those [assets] is critically important.”
According to McLagan, RSA’s A/NZ customers are more willing to discuss the threat of compromises following the APT incident.
“The idea that there is a network with a perimeter has gone,” he says. “Now that customers are trying to deal with these APTS, they are looking for guidelines.”
For example, McLagan says companies should educate users within the business, find out what best security practices can be applied and the level of support needed to help create a risk management strategy.
“This strategy should be risk based, contextual and agile,” he says.
Gartner’s Pingree adds that APTs require an advanced persistent security program to address the threats.
“What this means is running a security program where you continually evaluate the security technology you have deployed and make sure it is enforced and updated to the latest technological advancements,” he says.
“Technologies are being changed to address the latest threats, so organisations need to adopt this technology and strategy to remain effective against the adversary.”
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU