There are a lot of different threats to the security of business data online, some more insidious than others.
Advanced Persistent Threats, or APTs, rank among the most dangerous cyber security threats out there.
Why APTs Should Terrify Any Business Owner
What makes APTs so terrifying is that once they’re on your system, they will continue to quietly export your data over the course of several months. Given enough time, APTs can steal massive amounts of data from a company, compromising most of—if not all—their most sensitive and protected information.
One example of the damage an APT can do would be the infamous Target data breach of 2013. As noted in a Bloomberg Business article published after the attack, “in the days prior to Thanksgiving 2013, someone installed malware in Target’s security and payments system designed to steal every credit card used at the company’s 1,797 U.S. stores… On Dec. 2, the credit card numbers started flowing out.”
By the end of the breach, over 40 million credit card numbers had been stolen.
APTs are highly sophisticated attacks that often employ complex strategies to stealthily steal data right out from under a business’ nose. However, there are ways that you can defend against Advanced Persistent Threats on your business’ IT infrastructure.
These methods of fighting advanced persistent threats rely on three basic strategies: prevention, mitigation, and monitoring.
Preventing the Introduction of APTs to Your Infrastructure
The most desirable solution to the problem of APTs is to make sure that they never get onto your IT infrastructure in the first place. In many ways, the strategy for preventing advanced persistent threats from getting onto your systems is similar to a general strategy for protecting against other malware online.
Strong perimeter defenses such as firewalls and antivirus are a key part of preventing APT malware from being installed on your computer systems. However, there’s only so much that a firewall or antivirus program can do if authorized users aren’t exercising caution.
So, another key strategy for preventing the introduction of APTs onto your business systems is to train workers who have access to the system in basic account security protocols such as:
- Not sharing account details
- Recognizing phishing attempts
- Safe web browsing at work
This can help prevent user accounts from being hijacked and used by hackers to bypass your perimeter defenses.
Mitigating Access to Data if an APT Gets On the System
No matter how good your perimeter defenses are, you should always use additional layers of defense to protect your IT infrastructure in case of an attack from within your organization. If an authorized user account is hijacked, or if an employee/vendor abuses their access privileges, this can let the hacker bypass all of your perimeter protections to upload an APT to your system.
In case of such an event, you can limit the harm an APT can do by using strong internal security measures within your IT infrastructure.
For example, putting your individual apps and databases behind separate internal firewalls can limit the access of an uploaded piece of APT malware, reducing its ability to reach your data. Additionally, data-at-rest and data-in-flight encryption can help keep APTs from sending hackers intelligible data.
Also, when you terminate a business relationship with any party, employee or vendor, their account access to your system should be revoked as soon as possible.
Closely Monitoring Incoming and Outgoing Data Traffic/Requests
Vigilance is necessary for spotting APTs that might exist on your system. Monitoring unusual activity on your databases and watching for abnormal data access requests can often help identify the early warning signs of an APT on your system.
For example, if you notice that data is steadily being moved off of your secure servers to less secure ones, this could be a symptom of an advanced persistent threat on your network. In the Target hack mentioned earlier, the theft of 40 million credit cards happened in stages as the APT moved sensitive data from secure servers to less secure ones—all before finally sending the info to Moscow.
This kind of monitoring can be difficult to handle without an experienced team of experts and a strong IDS/IPS solution. At the very least, having an event logging solution is critical for tracking when data files were accessed and where the data was sent off to.
Some firewalls, such as Palo Alto Networks’ industry-leading firewall, provide inspection of outgoing traffic and destinations to automatically block outgoing traffic to restricted IPs on a blacklist.
Not all IT environments will have the IDS/IPS solutions necessary to enable close monitoring of data access traffic. If you need such tools, using a secure cloud solution that incorporates these elements can give you these tools without requiring large upfront costs.
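As an added illustration (not code from the article or from any vendor mentioned in it), the following Python script runs over constructed transfer log lines and flags the two warning signs this section describes: data repeatedly moved from protected servers to less protected ones, and an outbound transfer to a denylisted destination. The host-naming convention, the log format, and the deny list are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample transfer log (not from the article): timestamp, source host,
# destination host, bytes moved. Assumed convention: "db-" hosts are the protected
# tier, "share-" hosts are the less protected staging tier, anything else is external.
SAMPLE_LOG = """\
2013-11-27T01:05:12 db-pos-01 share-fs-02 52428800
2013-11-27T02:05:40 db-pos-01 share-fs-02 51200000
2013-11-27T03:06:01 db-pos-01 share-fs-02 53000000
2013-11-27T03:10:00 db-hr-01 share-fs-09 1048576
2013-11-27T04:05:55 db-pos-01 share-fs-02 50800000
2013-11-28T02:00:00 share-fs-02 203.0.113.77 207000000
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")

def tier(host):
    """Classify a host by the assumed naming convention."""
    if host.startswith("db-"):
        return "secure"
    if host.startswith("share-"):
        return "staging"
    return "external"

def parse(log):
    """Parse log lines into (timestamp, src, dst, bytes) tuples, skipping malformed lines."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, src, dst, nbytes = m.groups()
            events.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return events

def find_staging(events, min_moves=3, min_bytes=100_000_000):
    """Flag secure->staging pairs that move a large volume in repeated steps: the
    'data steadily being moved off your secure servers' pattern from the text."""
    moves = defaultdict(list)
    for _, src, dst, n in events:
        if tier(src) == "secure" and tier(dst) == "staging":
            moves[(src, dst)].append(n)
    return sorted((src, dst, len(v), sum(v)) for (src, dst), v in moves.items()
                  if len(v) >= min_moves and sum(v) >= min_bytes)

def find_blocked_egress(events, denylist):
    """Flag transfers to an external destination that appears on the deny list."""
    return [(src, dst, n) for _, src, dst, n in events
            if tier(dst) == "external" and dst in denylist]
```

In a real deployment the thresholds would be tuned to the normal transfer volumes of each host pair, since a single large backup job can look like staging.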
Following these three strategies of prevention, mitigation, and monitoring can help businesses of all sizes protect against advanced persistent threats.