In depth: What does APT really mean?

And what should companies do about truly persistent threats?

Every couple of years the security world faces its version of Jason or Freddie or Ghostface, some malevolent force that aims to end life as we know it. From the worm to the virus to the Trojan horse to phishing to SQL injection to the Zero Day Exploit, these serial killers build on one another and torture the dreams of CSOs.

Now, we face a malicious threat made worse by its malignant name: the Advanced Persistent Threat.

Clearly, the names of these security threats have gotten less interesting with time. But every CSO can spell APT. So can every security marketer, and they tend to stamp the label on everything in sight.

A clear-eyed view of APT (CSO Insider digital spotlight)

Partly that's because a string of high profile companies have suffered losses from APTs. Google, among the most vaunted names in technology, suffered an APT. RSA—a fabled name in security itself —confessed that some advanced and very persistent hackers not only threatened it but also made off with information related to its SecurID line of products. The Internet Security Alliance told companies in the defense industry that APTs were "a near-existential threat," back in 2009.

To continue reading this article register now

7 hot cybersecurity trends (and 2 going cold)