Advanced Persistent Threats (APTs) and the Threat Landscape
Cybersecurity is anything but a numbers game. When it only takes a single breach to inflict serious damage on your business, defending against the majority of attacks isn't enough.
That's why it's best to focus our attention on the most dangerous threats we face, rather than on those we face most often.
Known threats, accounting for about 70% of malware, are relatively easy to defend against. As long as we recognize the malicious code, we can block it: traditional signature-based methods typically cope with this.
A further 20% of malware comes under the banner of 'unknown threats'. Fighting these requires more sophisticated tools, but by using methods which go beyond standard anti-virus software, such as heuristics and dynamic whitelisting, we can combat these too.
Then there's the remaining 1%: advanced threats, which are multi-faceted, continuous and targeted attacks. Designed to penetrate a network, lurk unseen and collect sensitive data, they can remain undetected for years once in place.
Just as APTs are often multi-layered threats, an effective APT response needs to be multi-layered. Simple security tools are simply not enough. So what does this approach look like? The Australian Signals Directorate has developed an extended and thorough list of strategies to mitigate advanced threats. We believe that these strategies are just as applicable in Botswana and are a good place to start:
Security Policies and Education: Companies need comprehensive and regular education on security issues that encourages the right behaviours.
Network Security: The structure of your network can greatly reduce the potential impact of an infection, exponentially decreasing your level of risk.
System Administration: Controlling and restricting user administration privileges through security policies can reduce vulnerabilities.
Key Mitigation Strategies:
Application control and whitelisting
Patching application and OS vulnerabilities
Operating system exploit mitigation
Host-based intrusion prevention
Dynamic analysis of email and web content
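The first strategy on this list, application control, is the one most often implemented incompletely: allowing programs by file name or path lets an attacker substitute a binary of the same name. The following is an added example, not code from this page or from the Australian Signals Directorate, showing the core of a default-deny, hash-based allow-list: an executable runs only if its name is listed and its SHA-256 matches the vetted build. The "binaries" and their names (payroll.exe, reporting.exe) are constructed sample bytes; in practice the hashes come from a gold image or a signed manifest.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample "executables" standing in for vetted builds.
# A real allow-list would store only the hashes, taken from a gold image.
APPROVED_BINARIES = {
    "payroll.exe": b"MZ\x90\x00 payroll v1.2 approved build",
    "reporting.exe": b"MZ\x90\x00 reporting v3.0 approved build",
}


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the file contents, as a hex string."""
    return hashlib.sha256(data).hexdigest()


def build_allowlist(approved: dict[str, bytes]) -> dict[str, str]:
    """Map each approved file name to the hash of its vetted contents."""
    return {name: sha256_hex(blob) for name, blob in approved.items()}


ALLOWLIST = build_allowlist(APPROVED_BINARIES)


@dataclass
class Decision:
    name: str
    allowed: bool
    reason: str


def check_execution(name: str, contents: bytes, allowlist: dict[str, str]) -> Decision:
    """Default-deny application control.

    Execution is permitted only when the name is on the allow-list AND the
    contents hash to exactly the approved value. A matching name with
    different contents (patched, trojanised or replaced binary) is denied.
    """
    expected = allowlist.get(name)
    if expected is None:
        return Decision(name, False, "not on allow-list")
    actual = sha256_hex(contents)
    if actual != expected:
        return Decision(name, False, "hash mismatch: modified or replaced binary")
    return Decision(name, True, "hash matches approved build")


def evaluate_batch(requests: list[tuple[str, bytes]], allowlist: dict[str, str]) -> list[Decision]:
    """Apply the check to a list of (name, contents) execution requests."""
    return [check_execution(name, contents, allowlist) for name, contents in requests]


if __name__ == "__main__":
    # Constructed execution requests: a genuine build, a tampered copy with the
    # same name, and an unlisted program.
    requests = [
        ("payroll.exe", APPROVED_BINARIES["payroll.exe"]),
        ("payroll.exe", APPROVED_BINARIES["payroll.exe"] + b"\x00extra"),
        ("updater.exe", b"MZ\x90\x00 something unvetted"),
    ]
    for d in evaluate_batch(requests, ALLOWLIST):
        verdict = "ALLOW" if d.allowed else "DENY "
        print(f"{verdict} {d.name}: {d.reason}")
```

The point of the hash comparison, rather than a name or path check, is that the second request above carries the approved file's name but not its contents, and is refused; a name-based rule would have let it run. Hashes need re-baselining on every legitimate patch, which is why application control and the patching strategy above are usually operated together.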