Article Preview
TopIntroduction
Advanced Persistent Threat (APT) is a term used for a new breed of insidious threats that use multiple attack techniques and vectors conducted by stealth to avoid detection so that hackers can retain control over target systems unnoticed, for long periods of time (Tankard, 2011). APT gained prominence during the first half of 2011 through a number of high profile and persistent IS security breaches in organizations namely Sony, the data-security firm RSA, Lockheed Martin, the email wholesaler Epsilon, the Fox broadcast network, NASA, PBS, the European Space Agency, the FBI, the British and French treasuries, the banking and insurance giant Citigroup, along with dozens of other companies and government agencies (Liebowitz, 2011).
The central objective of any security system is the ability to prevent undesired access, while still allowing authorized access to information (Post & Kievit, 1991) but with cyber incidents growing in intensity and severity (Kjaerland, 2006) the risks related to information security have become a major challenge and a top management priority for many organizations (Bulgurcu, Cavusoglu, & Benbasat, 2010). Thus, despite the critical role and relevance of information and information security in an organization, unauthorized breaches into organization’s internal and the extended networks occur with greater frequency and severity (Kjaerland, 2006; Straub & Welke, 1998; Whitman, 2004; Yadav, 2010).
APT is one of the least studied and researched topic as research on APT is scant in the academic domain. A title search using the words, ‘Advanced Persistent Threats’, ‘APT’ and ‘security awareness’ were conducted in the Association of Information Systems (AIS) journal database (www.ais.com) and Google Scholar spanning the years 2008 to 2013. While a search in AIS eLibrary (ten AIS journals and two conferences) yielded only four papers, a similar search on Google Scholars returned six papers focussing on APT. Three out of the four AIS published articles looked at the linkage between online social networking and APT. Molok, Chang, and Ahmad (2010) identified online social networking as the most challenging channel of information leakage and an attack vector of APT and, recommended security education, training and awareness for organisations to combat this threat. Molok, Ahmed and Chang (2011), further investigated the way online social networking leads to information leakage and the strategies utilized by organizations to control such a threat. The cultural change of employees’ online social network behaviour in APT attacks was also researched by Molok (2011). While the above papers covered the social networking aspect of APT threat, Ooi, Kim, Wang, and Hui (2012) investigated the behaviours of hackers using a longitudinal dataset of defacement attacks.
Six papers, related to APT and security were generated from Google scholar search. Daly (2009) explained APT attack methods and suggested techniques to combat this threat, while Binde, McRee, and O’Connor (2011) provide signature based methodology, manual analytical practices, statistical tactics, correlation concepts, as well as automatic leak prevention as countermeasure approaches to APT. Some of related issues addressed include the role of APT in political espionage (Li, A, & D, 2011), predicting the organizations and individuals that might be target of APT attacks (Lee & Lewis, 2011) and an analysis of APT attacks to develop a roadmap for detecting and managing these threats (de Vries, van den Berg, Warnier, & Hoogstraaten, 2012).