In-depth

Why the FUD around APT does more harm than good

Davey Winder calls on the security industry to stop using scare tactics, and start using education, in the fight against APTs

OPINION: ISACA, which used to be known as the Information Systems Audit and Control Association, published a report last week that sheds some interesting light on another acronym which annoys the hell out of me. And that is APT, which stands for either Advanced Persistent Threat or Absurdly Pointless Terminology depending on whether you are selling something or not.

The term APT is often flagged by vendors as some kind of bogeyman problem to scare you into buying the solution. It reminds me, more often than not, of a salesmen shouting 'FIRE! FIRE!' through your letterbox before embarking on a sales pitch for fire extinguishers.

ISACA isn't selling anything in particular, so I read the report. What I discovered was that 1 in 5 enterprises had experienced an APT attack and two thirds are scared enough to think it's only a matter of time before they are attacked this way.

It reminds me, more often than not, of a salesmen shouting 'FIRE! FIRE!' through your letterbox before embarking on a sales pitch for fire extinguishers.

Unsurprisingly, only 15 per cent thought they were prepared to defend themselves against one.

I am not surprised by this lack of preparation, simply because the hype surrounding APT is so rife that confusion rules the roost.

That confusion results in 40 per cent of the enterprises questioned in that survey not using security training and controls to defend themselves against this kind of stealthy and ongoing threat, and 70 per cent not using mobile controls despite this being a preferred route to kick-start such attacks.

I'm not arguing that vendors, or anyone else for that matter, should stop spreading the word about any type of threat to enterprise data but I am dead set against FUD being used to sell stuff rather than a focus on education. So here's a thought, and one that will probably get me kicked off a few more vendor lunch invite lists (like I care.)

It's time to focus more on education and less on the hard sell. Concentrate on ensuring your customers understand the basics of data security, really understand I mean, and the FUD surrounding APTs will start to melt away.

So if users know how to spot and deal with phishing (even persistent phishing) via email, social media or text message, then many APT attacks will go nowhere, slowly.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
Mastering endpoint security implementation
Security

Mastering endpoint security implementation

16 Apr 2021
US, UK say Russia was behind SolarWinds hack
cyber attacks

US, UK say Russia was behind SolarWinds hack

16 Apr 2021
1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
University of Hertfordshire's entire IT system offline after cyber attack
cyber attacks

University of Hertfordshire's entire IT system offline after cyber attack

15 Apr 2021
Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget
Mobile Phones

Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget

13 Apr 2021