Calum Macleod VP EMEA Lieberman Software

It is generally acknowledges that Advanced Persistent Threats (APTs) represent the biggest concern for companies today when it comes to the use of cyber-space. No company can function without Internet access, and virtually all information is in digital format.

Like cancer, APTs tend to go for the proverbial jugular. You never hear of someone suffering from cancer of the big toe; it’s always a major organ that gets targeted. And how or where the seeds are sown is virtually impossible to detect. Certainly there are preventative measures that can be taken, but that will not guarantee that someone will not be infected. APTs similarly are not about targeting irrelevant or invaluable data. For example I’m sure that those who breached Target and others could have stolen details that had little or no commercial value. It seems fairly obvious that if they can access the most confidential data, then they can probably access anything they wish.

APTs are advanced because they know what they are looking for. And this becomes the immediate root of the problem of trying to deal with them. APTs have changed the target from technology to humans. Attacks used to focus on trying to break into your server, firewall or application by trying to find a weakness. Today’s attacks are targeted. They are not simply trying to cause some havoc, they are trying to steal valuable information, and fundamental to the success of APTs is their ability to identify the weak link in the human chain. That’s what makes them “advanced” – it is social engineering on a scale that we have never imagined.

And they are persistent. They don’t simply try once and move one. Once an APT has decided to target your organization, they have done their research. They are targeting your specific organization and know exactly what they want to achieve. So APTs will persist until they eventually succeed.

And like cancer, by the time you detect the APT, the damage has frequently already been done, and can be terminal. Certainly if you happened to be the CIO or CEO of Target! The APT will start with the simple email, or the visit to what may appear to a genuine website.  And of course APTs love encryption since very often they can use this to hide from anything that may be looking for unusual behavior. And like cancer, APTs have two interesting characteristics. Firstly it is unlikely you will discover that you have been infected yourself, and secondly the infection has usually happened several months earlier.

Which calls into question all the technology that is claiming to protect you and your organization against APTs.

It would be interesting to do an analysis of all the products that have won awards as the best APT protection and see how many of the organizations that we know have been victims of APTs were already using these technologies. Does it mean that these technologies are actually not up to the job, or is it more likely that those making the selection don’t understand what APTs are?

One could argue that aspirin is a cure for cancer on the basis that 75% of all those who take aspirin do not contract cancer. On the same basis you could argue that not all companies that use a certain technology are victims of APTs, but in reality in both cases you could only say that neither the cancer nor the APT has been detected.

Are these technologies useless? That is not the suggestion here. It makes sense to take preventative measures, and it is important to be informed of the risks and to try and protect ourselves, but to put our hope in technology to protect us from APTs, is ill-advised. One of the symptoms often associated with cancer is weight loss, and one of the major symptoms associated with APTs is data extraction. APTs are not simply interested in hacking your server; APTs are all about stealing your assets, so it’s not what comes in that is going to help me know that I’m infected, but rather what’s going out.

A few days ago I came home to find a note in my letterbox from our local “witch doctor” offering to solve all my problems within three days, including the healing of any physical or mental problem. And all I needed was to bring some eggs and a candle for my consultation. Unfortunately APTs were not on the list, although I’m sure there are enough “APT Healers” who no doubt will offer you the cure for Cyber Cancer!