Identifying Vulnerabilities of Advanced Persistent Threats: An Organizational Perspective

Identifying Vulnerabilities of Advanced Persistent Threats: An Organizational Perspective

Mathew Nicho (University of Dubai, Dubai, UAE) and Shafaq Khan (University of Dubai, Dubai, UAE)
Copyright: © 2014 |Pages: 18
DOI: 10.4018/ijisp.2014010101
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

One of the most serious and persistent threat that has emerged in recent years combining technical as well as non-technical skills is the Advanced Persistent Threat, commonly known as APT where hackers circumvent the organizational defenses and instead target the naivety of the employees in making an unintentional mistake. While this threat has gained prominence in recent years, research on its cause and mitigation is still at the infancy stage. In this paper the authors explore APT vulnerabilities from an organizational perspective to create a taxonomy of non-technical and technical vulnerabilities. The objective is to enhance awareness and detection of APT vulnerabilities by managers and end users. To this end, the authors conducted interviews with senior IT managers in three large organizations in Dubai, United Arab Emirates. The analysis of the findings suggested that the APT threat environment is affected by multiple factors spanning primarily non-technical as well as technical vulnerabilities.
Article Preview

Introduction

Advanced Persistent Threat (APT) is a term used for a new breed of insidious threats that use multiple attack techniques and vectors conducted by stealth to avoid detection so that hackers can retain control over target systems unnoticed, for long periods of time (Tankard, 2011). APT gained prominence during the first half of 2011 through a number of high profile and persistent IS security breaches in organizations namely Sony, the data-security firm RSA, Lockheed Martin, the email wholesaler Epsilon, the Fox broadcast network, NASA, PBS, the European Space Agency, the FBI, the British and French treasuries, the banking and insurance giant Citigroup, along with dozens of other companies and government agencies (Liebowitz, 2011).

The central objective of any security system is the ability to prevent undesired access, while still allowing authorized access to information (Post & Kievit, 1991) but with cyber incidents growing in intensity and severity (Kjaerland, 2006) the risks related to information security have become a major challenge and a top management priority for many organizations (Bulgurcu, Cavusoglu, & Benbasat, 2010). Thus, despite the critical role and relevance of information and information security in an organization, unauthorized breaches into organization’s internal and the extended networks occur with greater frequency and severity (Kjaerland, 2006; Straub & Welke, 1998; Whitman, 2004; Yadav, 2010).

APT is one of the least studied and researched topic as research on APT is scant in the academic domain. A title search using the words, ‘Advanced Persistent Threats’, ‘APT’ and ‘security awareness’ were conducted in the Association of Information Systems (AIS) journal database (www.ais.com) and Google Scholar spanning the years 2008 to 2013. While a search in AIS eLibrary (ten AIS journals and two conferences) yielded only four papers, a similar search on Google Scholars returned six papers focussing on APT. Three out of the four AIS published articles looked at the linkage between online social networking and APT. Molok, Chang, and Ahmad (2010) identified online social networking as the most challenging channel of information leakage and an attack vector of APT and, recommended security education, training and awareness for organisations to combat this threat. Molok, Ahmed and Chang (2011), further investigated the way online social networking leads to information leakage and the strategies utilized by organizations to control such a threat. The cultural change of employees’ online social network behaviour in APT attacks was also researched by Molok (2011). While the above papers covered the social networking aspect of APT threat, Ooi, Kim, Wang, and Hui (2012) investigated the behaviours of hackers using a longitudinal dataset of defacement attacks.

Six papers, related to APT and security were generated from Google scholar search. Daly (2009) explained APT attack methods and suggested techniques to combat this threat, while Binde, McRee, and O’Connor (2011) provide signature based methodology, manual analytical practices, statistical tactics, correlation concepts, as well as automatic leak prevention as countermeasure approaches to APT. Some of related issues addressed include the role of APT in political espionage (Li, A, & D, 2011), predicting the organizations and individuals that might be target of APT attacks (Lee & Lewis, 2011) and an analysis of APT attacks to develop a roadmap for detecting and managing these threats (de Vries, van den Berg, Warnier, & Hoogstraaten, 2012).

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 12: 4 Issues (2018): 1 Released, 3 Forthcoming
Volume 11: 4 Issues (2017)
Volume 10: 4 Issues (2016)
Volume 9: 4 Issues (2015)
Volume 8: 4 Issues (2014)
Volume 7: 4 Issues (2013)
Volume 6: 4 Issues (2012)
Volume 5: 4 Issues (2011)
Volume 4: 4 Issues (2010)
Volume 3: 4 Issues (2009)
Volume 2: 4 Issues (2008)
Volume 1: 4 Issues (2007)
View Complete Journal Contents Listing