"Perpetrators of these ‘advanced persistent threats’ (APTs) spend much more time gathering information than other hackers."
ALAN PHILLIPS, PA SECURITY expertJane BirdFinancial Times1 June 2012
PA’s Alan Phillips, security expert, is quoted extensively in an article in the Financial Times as part of a special report on cyber security. The article looks at computer crime and how, although much of this is opportunistic and random, some cyber attacks are focused and target a specific individual or organisation
Alan says: “Perpetrators of these ‘advanced persistent threats’ (APTs) spend much more time gathering information than other hackers.”
The material could be about operational activities, staff members, IP addresses, even job advertisements. “By the time they launch the attack, they have a high degree of success,” Alan says.
Alan talks about how APTs can be hard to spot and says it is like having an invisible man in your house: “You only see him if he leaves muddy footprints.”
Alan goes on to advocate “dynamic” defence – making frequent small changes to system configurations to thwart offensive techniques. He recommends regularly testing defences and instant response plans, “so people know what to do when something does happen”.
He also advocates logging and monitoring as much detail as possible around sensitive data, “so you have the forensic information to work out what’s gone wrong – otherwise, you might suspect a breach for a long time without being able to discover it”.
Staff should be discouraged from listing their technical skills on sites such as LinkedIn, because this might give away operational activities, Alan says. Criminals can work out what software you are running.
Alan also suggests staff should not use their work email addresses and IDs on public websites such as help forums. Another simple precaution that is often overlooked is removing default, factory-set system passwords.
You can read the article in full here.