Targeted Attacks: Defending Against An Evolving Threat

Featured on Next Peak’s blog

By: Greg Rattray
This article first appeared on Next Peak’s blog

The FBI and Department of Homeland Security have issued multiple alerts warning of increased cyber attacks on medical research and other organizations that have not traditionally been targeted by advanced threat actors. While targeted attacks are not new, we are seeing the nature and objectives of attackers expand. Threat actors are using increasingly sophisticated technology, tools and techniques, including those produced by nation-state militaries and intelligence organizations. Yet most organizations still just react, investing in cybersecurity programs based on regulation and common maturity frameworks rather than in proactive risk mitigation strategies. While these cybersecurity programs are essential to promoting good cyber practice, reactive approaches do not adequately counter targeted attacks. As targeted attacks evolve, organizations need to commit to specific defensive investments in tools, techniques and skills to buy down risks efficiently.

Understanding the evolution of targeted attacks
Targeted attackers have specific aims and objectives. Their attacks differ from general opportunistic attacks, which look for vulnerabilities and distribute malware indiscriminately. Targeted attacks were first recognized in the course of addressing cyber espionage against US military and defense industry targets. Next Peak co-founder and Oliver Wyman Senior Advisor Greg Rattray coined the term advanced persistent threat (APT) in 2007 to describe how advanced threat actors will persistently attack targets that hold data, information and knowledge essential to the attacker, no matter how strong an organization’s defenses.

Since that initial recognition, the objectives of targeted attacks have expanded greatly. Once focused primarily on national security espionage, these threats now stretch across a wide range of aims and industries. Targeted attackers’ aims now range from intellectual property theft to political or economic espionage, political coercion, competitive disruption and even provoking embarrassment. Increasingly, we are also seeing evolved, hybrid targeted attacks that combine several of these aims.