Focus on the people, then the technology
Cyber criminals, threat actors, hackers—they know cyber crime pays.
Your data and technology, stored in networks and the cloud, are
vulnerable. And although the tactics, targets and technology of
attacks are all important, your most powerful defense against cyber
crime is to understand threat actors.
To effectively prevent and respond to cyber crime, you need to
establish the motivations and methodology of threat actors. Here are
two ways advanced cyber attacks work:
Targeted – Malware, such as spear phishing, is used to reach a
specific machine, individual, network, or organization. This malware
tends to be signature-less, or otherwise evades antivirus and other
traditional cyber security efforts using the criminal's knowledge of
Persistent – Advanced cyber attacks are initiated via a series
of email, file, web, or network actions. These individual actions
might remain undetected by antivirus or other traditional defenses, or
be ignored as harmless or low-priority. However, the malware becomes
entrenched and pervasive, and culminates in a devastating attack.
Malware that uses both of these methodologies simultaneously
presents an advanced persistent threat, or APT. And any organization
in any industry can be a target.