Why APTs Should Push You From Your Comfort Zone

Advanced Persistent Threats (APTs) have forced organizations to reevaluate their approach to security. But the adaptive nature of APTs requires much more than a shiny new security box and some spackle to protect your corporate network. The people in your organization need to adapt too, and that is true from end users and security practitioners all the way up to executive leadership. Security in the era of APTs is everyone’s problem, and to truly adapt means each team in an enterprise has to push itself out of its traditional comfort zone. Let’s look at some of these challenges.

End Users

End-users are the front-line targets of APTs and cyberattacks, and for good reason. In general, there are a lot of these users, they need to communicate and click on things during the course of their days, and security is usually not the first thing on their minds. What that means to an attacker is a range of soft targets susceptible to persistent attacks. To deal with this challenge, end-users need security training, and to be held accountable when their individual behaviors lead to security events.

This doesn’t mean you should hand out draconian punishments to someone who gets compromised. Even the most security-conscious person can make a mistake or simply be fooled by a sophisticated phishing or watering-hole attack. However, end-users do need to understand that they play a very active role in the security of the enterprise, and that the places they go on the Internet, the applications they use, and the links they click on make a big difference. They need to be held accountable; if users don’t feel a personal responsibility when it comes to cybersecurity, all the training in the world won’t change their behavior.

IT Practitioners

While end-users are the initial targets of an attack, it is up to IT practitioners to directly defend the organization from attacks, and APTs obviously present unique technical challenges. Advanced threats are known for using customized, obfuscated, or evasive tooling in order to slip past the layers of enterprise security. This means that IT security teams have to go beyond automated blocking and the review of security logs. Additionally, they need to be thinking about what sorts of threats they might have missed.

This could mean adding new layers of security such as behavioral analysis to identify new or unknown exploits or malware. But the challenge goes far beyond simply deploying new security technologies: IT security teams need to creatively engage in security analysis. What anomalies have been seen that could indicate the presence of an APT? What servers, applications, or users have shown changes from their norms that could indicate an infection? This type of monitoring is easier said than done, and requires time, creativity, and focus. Time is obviously in short supply in most IT organizations, so it is critical that these teams get the resources they need from their managers and executives.
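The "changes from their norms" monitoring described above, as an added example that is not part of the original column: a small baseline-deviation check over constructed per-host outbound flow summaries, flagging a host whose daily volume or set of destinations departs from its own recent history. Host names, destinations, days and byte counts are all constructed sample data.

```python
import statistics
from collections import defaultdict

# Constructed sample flow summaries: (day, host, destination, bytes_out).
SAMPLE_FLOWS = [
    (1, "ws-017", "crm.example.internal", 120_000),
    (1, "ws-017", "updates.vendor.example", 30_000),
    (2, "ws-017", "crm.example.internal", 110_000),
    (2, "ws-017", "updates.vendor.example", 28_000),
    (3, "ws-017", "crm.example.internal", 125_000),
    (3, "ws-017", "updates.vendor.example", 33_000),
    # day 4: same host pushes a large volume to a never-before-seen destination
    (4, "ws-017", "crm.example.internal", 118_000),
    (4, "ws-017", "cdn-203.example.net", 2_400_000),
    (1, "ws-042", "crm.example.internal", 80_000),
    (2, "ws-042", "crm.example.internal", 82_000),
    (3, "ws-042", "crm.example.internal", 79_000),
    (4, "ws-042", "crm.example.internal", 81_000),
]

def daily_totals(flows):
    """host -> day -> total bytes_out, and host -> day -> set of destinations seen."""
    totals = defaultdict(lambda: defaultdict(int))
    dests = defaultdict(lambda: defaultdict(set))
    for day, host, dest, nbytes in flows:
        totals[host][day] += nbytes
        dests[host][day].add(dest)
    return totals, dests

def find_anomalies(flows, baseline_days, target_day, z_threshold=3.0):
    """Return (host, reason, detail) for hosts that depart from their own baseline."""
    totals, dests = daily_totals(flows)
    findings = []
    for host in sorted(totals):
        history = [totals[host][d] for d in baseline_days if d in totals[host]]
        if len(history) < 2 or target_day not in totals[host]:
            continue  # too little history to judge, or host absent on the target day
        mean = statistics.mean(history)
        stdev = statistics.pstdev(history) or 1.0  # flat baseline: avoid dividing by zero
        z = (totals[host][target_day] - mean) / stdev
        if z > z_threshold:
            findings.append((host, "volume", round(z, 1)))
        known = set().union(*(dests[host][d] for d in baseline_days))
        new_dests = dests[host][target_day] - known
        if new_dests:
            findings.append((host, "new_destination", sorted(new_dests)))
    return findings
```

A real deployment would compute the baseline over weeks rather than days and treat both signals as leads for an analyst, not verdicts.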

IT Managers

In addition to empowering their teams, IT managers are being forced to tear down some long-standing walls that usually keep IT groups apart. In a traditional management structure, the network team is strictly segmented from the security team, and likewise end-point security teams are also often separate. Each team has its own priorities, needs and budgets. But while those silos have organizational benefits in the office, APTs don’t respect the boundaries. An advanced attack leverages the network and end-points in a variety of ways over time, and never presents so convenient a solution as “deal with it in xyz end points.” A coordinated attack demands coordinated defenses, and if teams are in silos, their political fiefdoms play right into the hands of the attackers. The long and short of it? Work together or you’re robbing the greater team of valuable context to find and stop an APT.

Executive Leadership

While much of the APT conversation focuses on the technical aspects of threats, it’s important to remember that the ultimate goal of an APT is to steal or destroy an enterprise’s most critical assets. This could be intellectual property, trade secrets, customer information, or access to business partners. These are the very items that ultimately define an enterprise and can often make or ruin its reputation overnight. That’s precisely why a strategic discussion of APTs has to reach the C-level. CFOs, for example, need to model the financial impact of important assets being compromised so that they can properly assess the potential risk and also ultimately understand the true value of security. The specific to-do list changes for every other C-level viewpoint (CEO, CIO and CISO especially), but the takeaway must be that security is a strategic topic for the organization from top to bottom.

The good news is most organizations are not starting this process entirely from scratch. IT security teams are more often than not actively engaged, if still divided, when it comes to threat assessment. Even C-level executives who don’t “speak security” have seen enough headlines to make internal inquiries about how well protected their companies are – no one wants to be another Heartland or Hannaford and talk to shareholders, customers and the press about what mistakes were made.

So let that interest be the basis of a deeper discussion. Behavioral change management is an uncomfortable thing at most organizations, but an APT is cause for a new discussion. Whatever your level, get out of your comfort zone and be the change agent your department, your division or your management team needs.
