


Contributing Writer

Advanced Persistent Threats: Very Real and Very Dangerous

Nov 01, 2011 | 2 mins
Advanced Persistent Threats, Cisco Systems, Data and Information Security

Security professionals are concerned about sophisticated cyber attacks

Today, ESG published a new research report on Advanced Persistent Threats (APTs) and what U.S.-based enterprise organizations (i.e. more than 1,000 employees) are doing about them. ESG also used some of the research data to create a scoring system which we used to segment the market into three types of organizational profiles: most prepared for APTs (21%), somewhat prepared for APTs (43%), and poorly prepared for APTs (36%). This segmentation model provides a lot of insight on APT best practices, security strategies, and security vulnerabilities. I’ll be blogging about this for a while but there are also some details on the report at: we started this project there was a fair amount of debate about APTs. Was this type of attack real and unique, or were “APTs” nothing more than a marketing term to add an alarming label to pedestrian types of cyber attacks? One of my contacts in Washington told me that many Senators were actually dismissing APTs as hype created by the “cyber industrial complex.”

To find out whether APTs were indeed real, ESG surveyed 244 enterprise security professionals. Survey respondents were provided with the NIST definition of APTs and were then asked a number of questions about APTs with this definition as a baseline. ESG only surveyed security professionals who were familiar with APTs and had security management authority at their organizations.

So is APT just a marketing term? Not according to those with the most knowledge about cyber security. Half of the security professionals surveyed believe that APTs are a unique type of threat, while 48% believed that they are “somewhat unique” but share some similarities with past attacks (only 2% said APTs are not unique). Alarmingly, 85% of organizations “most prepared for APTs” said that APTs are a unique type of threat.

This is consistent with several conversations I’ve had with CISOs. Most said that they didn’t think that APTs were anything new until they were attacked. As they watched APT attacks unfold, they were blown away by how they adapted, moved around the network, rooted themselves in systems, and used sophisticated (and often homegrown) innovation to fool security tools and remain stealthy.

If organizations possessing the most experience with APTs believe they represent a unique type of threat, shouldn’t we pay attention?


Jon Oltsik is a distinguished analyst, fellow, and the founder of ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO’s perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.
