When I ask small and medium enterprise (SME) business owners and IT executives which security issues they are most worried about, the answer typically includes ransomware, data theft, and DDoS attacks. Each is conceptualized as a one-off catastrophe, the risk of which can be mitigated by following security best practices — updating software, maintaining strong firewalls, and defense-in-depth security systems. And they’re exactly right about that approach. But there’s a blind spot that goes unconsidered: the advanced persistent threat (APT).
APTs are targeted attacks that take place over a prolonged period of time. The aim is often to gain information — private documents, intellectual property, user data — that can be used by the criminals to make money.