Analyzing the truth behind the advanced persistent threat
The advanced persistent threat, which rose to prominence earlier this year when Google revealed that its corporate systems were raided by well-funded attackers, is really no different than prolific crimeware that organizations have been facing for years.
This is the opinion of Jerry Dixon, director of analysis at Team Cymru, a nonprofit internet security research firm. Dixon spoke in a session Wednesday morning at SC World Congress in New York.
As such, he said, organizations should treat state-sponsored threats in the same vein as they would attacks targeting bank account credentials or credit card information.
Dixon, the former director of the National Cyber Security Division at the U.S. Department of Homeland Security, said many security vendors have picked up and ran with the APT term to pitch products.
But the attacks that targeted Google and a number of other high-profile companies to steal intellectual property contain the same sophistication and deep financial backing that other threats, such as Zeus and SpyEye, do.
As a result, corporate defenses should not change. He preached security awareness as a key tenet to safeguarding sensitive data.