Advanced persistent threat (APT) is a term with a specific meaning – generally referring to a sophisticated and well-organized cyberattack against a singular entity. These types of attacks are so well-coordinated that the term is generally used in regard to a nation-state or government-sanctioned attack. But, in the security industry, buzz sells, and APT is now becoming synonymous with any form of cyberattack.
In March, RSA announced that it was the victim of an APT attack. Given the stature of the company, the target of the attackers (information to compromise the effectiveness of the company's SecurID line) and the openness of the post-attack investigation, there is little doubt RSA was indeed hit with an APT. But it seems the term now is thrown out any time an attack occurs – and security experts are starting to suggest that companies are hiding under an “APT umbrella” to cover the fact that they have not been following good security practices.
Pete Lindstrom, research director of Spire Security, among others, suggests that APT is nothing more than FUD – fear, uncertainty and doubt – in a different package. Companies have always been embarrassed to admit to a breach – and the term APT absolves them from culpability.
Whether a rogue nation-state is focusing on your company is beside the point – and this is exactly what is missed in this whole discussion. Oftentimes, so-called APT attacks succeed through old-school attacks, predominantly phishing. This was the case in the RSA incident. While we debate whether APT is an accurate term to describe recent breaches, cybercriminals are laughing their way to the bank. These discussions are important, but it is more important that we learn the lessons of each breach, raise awareness around the vulnerabilities in all of our organizations, and find solutions to make sure our data remains secure.