What Are Advanced Persistent Threats?


Owners and employees of small businesses don’t have to understand the most technical aspects of preventing cyber attacks, but they ought to be aware of the potential problems they could face on the cybercrime front. Most businesses are aware of hacking and malware, but they may not be aware of the threat of APTs. APTs, or “advanced persistent threats,” could be targeting your business right now without you knowing it, so here’s the scoop on APTs and what you can do to prevent them.

Targeting Your Business

The first characteristic of an APT is that the hacker or organization of hackers has identified your business as its target, instead of throwing out attempts at a multitude of people and businesses and going with what sticks. They may have identified something about your company that they’re interested in, or they may have noticed in their first wave of general attacks that your business had exposed holes in network security. In either case, they’re after your company.

What Are They After?

Another characteristic of an APT, although every case is different, is that the hackers are likely after something specific in your company. They could be just taking what information they can get their hands on once they’ve identified holes in security, but they’re likely after one of these things:

  • Financial information about the business and employees, including access to bank and payroll information

  • Sensitive information about upcoming products, services and projects that are still under non-disclosure

  • Passwords and IDs to log into all aspects of your system

Going Unnoticed

During APTs, criminals aim to hack as inconspicuously as possible, leaving little trace that they’ve been there. They’re persistent—in other words, they visit the system multiple times and might sneak information out in small batches. They’ll either leave after they have all they came for, or they’ll continue to attack an existing hole in your security until they simply can’t access your data anymore.

You might not even notice they’ve hacked into your system until a major crisis, such as stolen funds or leaked information. By then, the hackers may already have all they need, and closing the network security holes at that point may be a case of too little, too late.

Who Is It?

There’s no surefire way to identify those who perform APTs on your company unless an investigation after the fact leads to answers. They could be from another country entirely or they could be from somewhere nearby. They could, although it’s unlikely, be from a rival company, or they could be strangers who simply stumbled upon your business in the news or during random attacks. More important than identifying who’s after your business is how they’re doing it and what you can do now to stop it.

How It Happens

There are a number of ways that hackers can perform subtle, substantial APTs on your business, including:

  • Holes in your network security. Hackers are always looking to outmaneuver the latest innovations in security. It’s essential that you have your security routinely upgraded, monitored and maximized.

  • Stolen passwords. If an employee loses their password, change it immediately. Ask employees to keep copies of passwords in secure locations or to memorize them, if possible.

  • Lost or stolen devices. If you allow employees to access the business network remotely, you need to pay special attention to your virtual private network security. Authorize only pre-approved devices for access to the network and ask employees to immediately report any missing devices.

  • Hacked devices and equipment. When employees visit websites or download files that carry malware on devices they use to access the business network, they could expose your business to hacker threats.

A Plan of Action

To combat APTs, you need to increase network security and constantly monitor it with the possibility of APTs in mind. Have your IT department or consultants put the network through security upgrades routinely to close any hidden back doors immediately.

Have IT specialists allow only pre-approved devices to access your virtual network, and ask them to put in an option so that they can destroy sensitive data on lost or stolen devices immediately before they lock the device out of the system. Ask employees to be careful to log out of the network whenever it’s not in use, to keep others from using their devices.

Author Bio: Gina Lewandowski is a contributing blogger, IT manager and tech consultant with several years of experience. She has seen, firsthand, the number of headaches caused by these types of targeted attacks and now uses Trend Micro software in her own IT department to combat advanced threats.