Is APT the new FUD?

Share this article:
Is APT the new FUD?
Is APT the new FUD?

Advanced persistent threat (APT) is a term with a specific meaning – generally referring to a sophisticated and well-organized cyberattack against a singular entity. These types of attacks are so well-coordinated that the term is generally used in regard to a nation-state or government-sanctioned attack. But, in the security industry, buzz sells, and APT is now becoming synonymous with any form of cyberattack.

In March, RSA announced that it was the victim of an APT attack. Given the stature of the company, the target of the attackers (information to compromise the effectiveness of the company's SecurID line) and the openness of the post-attack investigation, there is little doubt RSA was indeed hit with an APT. But it seems the term now is thrown out any time an attack occurs – and security experts are starting to suggest that companies are hiding under an “APT umbrella” to cover the fact that they have not been following good security practices.

Pete Lindstrom, research director of Spire Security, among others, suggests that APT is nothing more than FUD – fear, uncertainty and doubt – in a different package. Companies have always been embarrassed to admit to a breach – and the term APT absolves them from culpability.

Whether a rogue nation-state is focusing on your company is beside the point – and this is exactly what is missed in this whole discussion. Oftentimes, so-called APT attacks are successful through old-school style attacks, predominantly phishing. This was the case in the RSA incident. While we debate whether APT is an accurate term to describe recent breaches, cybercriminals are laughing their way to the bank. These discussions are important, but it is more important that we learn the lessons of each breach, raise awareness around the vulnerabilities in all of our organization, and find solutions to make sure our data remains secure.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in Features

Game theory: Cyber preparedness

Game theory: Cyber preparedness

Business leaders are beginning to fathom the importance of cyber war game simulation exercises, reports James Hale.

Forward progress: How the Denver Broncos really play defense

Forward progress: How the Denver Broncos really play ...

Off the field, demand for bandwidth and protection from network threats set the ball in motion for the Denver Broncos. Greg Masters reports.

Smart defense: A talk with industry veteran Gene Fredriksen

Smart defense: A talk with industry veteran Gene ...

Today's CISO must stay ahead of attackers, says Gene Fredriksen, CISO at PSCU. Teri Robinson talks one on one with the industry veteran.