An 'Advanced Persistent Threat' is no longer a subject confined to science fiction films or used unscrupulously in the Fear, Uncertainty and Doubt (FUD) tactics of sales and marketing propaganda machines.
In recent years, the concept of greater risk from the insider threat has reverted to again focus on the external threat. The UK Government has recognised this serious and growing threat to the citizens, business and government with the launch of the Cyber Security Strategy of the United Kingdom.
Chapter 2 of the Cyber Security Strategy details the threats and vulnerabilities in cyber space, sighting the evolving threats from criminals, terrorists and states. It claims 'The time is now right to bring additional focus and effort to the critical cyber domain, to build on and extend the work of Information Assurance'. The strategy also details a widespread target landscape, including personal IT systems, corporations and government. E-crime is estimated to cost the UK economy many billions of pounds every year, affecting individuals and major enterprises controlling major transactions across complex networks.
Common methods of attack are considered in the strategy, which include electronic attacks either through direct means or by misleading the user, subversion of the supply chain, and through to more hostile attacks.
A Cyberis APT simulation will determine how your organisation stands up to the many techniques employed by these threat actors, without the fear of business disruption. Cyberis APT consultants will develop a simulated attack programme, based on the threat profile of your business or organisation, performed over a period of time in several discrete tranches that are formalised and agreed in advance.
The purpose of the simulation is to provide a realistic and evidence-based assessment of your most serious risks from attacks born from cyber threats. The simulation is designed to clearly report the most likely vectors to be subverted in a successful attack and the actual business impact of a successful attack. This enables you to focus defences and security controls where they really matter.
- Realistic simulation of attacks from APTs that are not restricted by the time constraints and limitation of techniques associated with traditional penetration testing.
- Enables you to focus defences and security controls, where vectors and vulnerabilities have been targeted in a wide context.
- Identifies the 'low-hanging fruit' and therefore the priorities for treating the immediate vulnerabilities and underlying causes.
- Can play a useful role in the staff education, awareness and training programmes.