Prevention Strategies for Advanced Persistent Threats
Advanced persistent threats present long-term risks to organizations of all sizes. To protect sensitive data, finances, and reputation, businesses large and small must evolve their approach to comprehensive cybersecurity.
Designed to be undetectable, advanced persistent threats (APTs) involve cyber criminals gaining access to an organization’s network and probing for sensitive information over the span of several months. Preventing this type of long-term attack requires proactive planning and a departure from full reliance on traditional security measures (e.g., firewalls, antivirus, intrusion detection/prevention systems). The problem with traditional defenses is that APT attacks will not always be detectable based on file characteristics or network flow. In short, these defenses are limited by the features they are programmed to detect.
To effectively thwart APTs before they result in loss of finances, reputation, or sensitive information, organizations must develop an APT-specific strategy and constantly refine it in response to new and evolving threats. The following are a few important examples:
- User security awareness training—95 percent of APTs begin with a form of social engineering, mainly spear-phishing. This tactic involves a malicious actor sending tailored information to a specific target via email, which entices the target to click a malicious link or file attachment. Clicking results in the download of malware and provides the attacker with an entry point into the victim’s workstation, which then gives them the opportunity to move laterally within the network to gain exponentially increasing levels of access. With increased security awareness, employees are empowered to stop APTs before they can become a problem.
- Network access control (NAC) and identity and access management (IAM)—IT departments should implement tight access control policies and parameters to stop attackers from moving laterally across a network via unsecured devices. If a device is not in compliance (e.g., outdated or unpatched operating system), a NAC solution will block access to the device, forcing an attacker to move on. Similarly, effective IAM will prevent an attacker from utilizing stolen credentials to gain further system access.
- APT simulation testing—The best way for an organization to understand its risks and vulnerabilities with respect to an APT attack is to enlist the help of a cybersecurity expert who can simulate a real attack. Testing should last for no less than four months (as APTs are long-term campaigns) and should result in a stronger security posture supported by best-practice cyber processes and prevention and detection technologies.
In the fight against cyber criminals, preparation and perseverance are key. Enterprise-wide awareness training, effective security controls, and APT simulation testing will aid organizations of any size in reducing breach risk. For more information about what APTs are and how to defend against them, read about Securance’s APT simulation testing services here.