Today there is a veritable alphabet soup of data security standards and laws governing how companies must operate. But, most agree, compliance is more of a first step to security rather than an assurance of security itself.
The methods cyber attackers use to infiltrate networks are endless. There is no doubt that the more sophisticated bad guys looking to steal specific data have enlisted surreptitious ways to achieve their ends.
With simple viruses and Trojans were all the rage, life was simpler for the average CSO. Now, threats of all types abound and the methods cyber attackers enlist to infiltrate networks have only become more varied, often a bit more sophisticated and most assuredly more frequent. One of the most problematic has proven to be APTs.
The announcement in February 2014 by the White House of a Framework for the development of cybersecurity standards follows the announcement one year earlier by the White House of a Presidential Executive Order describing the Government's overall policy toward the cybersecurity on our nation's critical infrastructure.
Targeted attacks, or APTs, can be complex and affect organizations of all sizes, across all industries. But that doesn't mean their detection and prevention has to be complex too. With constant confusion around ATAs and APTs, a staggering 68% of IT Managers admit they don't know what an APT is.
Many IT organizations today are tasked to manage a complex landscape that includes a mix of SaaS applications and on-premise applications being accessed by various user populations; employees, customers, mobile workers, etc.