Advanced Persistent Threat (APT)
Bruce Schneier on the
Advanced Persistent Threat (APT) concept in his
Crypto-Gram Newsletter:
"It highlights an important characteristic of a particular sort of Internet attacker.
A conventional hacker or criminal isn't interested in any
particular target. He wants a thousand credit card numbers for fraud,
or to break into an account and turn it into a zombie, or whatever.
Security against this sort of attacker is relative; as long as you're
more secure than almost everyone else, the attackers will go after other
people, not you. An APT is different; it's an attacker who -- for
whatever reason -- wants to attack you. Against this sort of attacker,
the absolute level of your security is what's important. It doesn't
matter how secure you are compared to your peers; all that matters is
whether you're secure enough to keep him out.
APT attackers are more highly motivated. They're likely to be
better skilled, better funded, and more patient. They're likely to try
several different avenues of attack. And they're much more likely to
succeed."
No comments:
Post a Comment