Advanced Persistent Threats: Defending Against Well-Funded, Well-Organized Attacks
Added by Karen Hanna on Feb 14, 2012
Security expert Larry Clinton called for businesses and government to "modernize our notion of what constitutes cyber defense," saying that organized advanced persistent threat (APT) attacks are a main cyber-security concern. According to an article from Federal News Radio, which cites statistics from the Ponemon Institute, industry spends $80 billion a year on cyber security, more than the Department of Homeland Security's entire budget of $57 billion. The large amount spent by private industry reflects the reality that organized and well-funded cyber criminals are reaching beyond government targets to attack specific businesses for the purpose of gathering intelligence.
An APT attack is slow and steady and may use many different tactics to gain an initial foothold. Once inside, its goal is to move laterally to other hosts, stay unnoticed for as long as possible, and collect information to send back to its command-and-control infrastructure. A random or otherwise opportunistic attack may share some of these traits, but an APT differs in that it persists, possibly indefinitely, against a specific target. That persistence is why these campaigns are generally believed to be directed by a government or another organization with a specific interest in proprietary or otherwise protected information.
The prospect that an attack may persist for a very long time is the most alarming aspect, particularly for midsized businesses with limited budgets to combat it. Because of the increased awareness of the cost and risk to both government and industry, the National Institute of Standards and Technology (NIST) released a draft document for comment that details methods for cyber-incident prevention and response, including APT-style attacks. IT teams may find the document useful for perspective on both the problem and the policy elements to consider for a cyber-security standard operating procedures (SOPs) document.
IT professionals at midsized companies may already have SOPs for cyber security, but given the awareness of advanced persistent threats it is wise to revisit them: identify the intellectual property assets that must be safeguarded above all else, and review how they are currently stored, protected and monitored. Even when all defenses are in place, a persistent attacker may eventually find the one vulnerability, or a new combination of methods, that breaks through the perimeter. Modernizing cyber defense therefore means adding defense in depth, including monitoring of activity inside the network, alongside perimeter defense. That may not fully solve the problem of the well-funded and well-organized attacker, but it makes it more likely that indicators of an attack are spotted before a damaging breach occurs.
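One concrete form of the "monitoring inside the network" the paragraph calls for is looking for the regular outbound polling (beaconing) that an implant uses to reach its command-and-control server. The following is an added example, not code from the original post or from IBM: it parses constructed proxy log lines (timestamp, internal host, destination, bytes out) and flags host/destination pairs whose connection intervals are nearly constant. The log lines, host names, and the thresholds `min_connections` and `max_cv` are all assumptions for the illustration.

```python
"""Beacon detection over constructed proxy log lines.

Flags (source, destination) pairs whose outbound connections recur at a
near-constant interval, which is how implants typically poll a command
and control server. All log lines below are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: timestamp, internal host, destination host, bytes out.
# ws-17 polls updates.example-cdn.net every ~10 minutes with small jitter (the
# beacon), while its browsing and ws-22's intranet traffic are irregular.
SAMPLE_LOG = """\
2012-02-14T09:00:02 ws-17 updates.example-cdn.net 412
2012-02-14T09:03:41 ws-22 intranet.corp.example 15022
2012-02-14T09:04:12 ws-22 intranet.corp.example 2201
2012-02-14T09:10:01 ws-17 updates.example-cdn.net 398
2012-02-14T09:12:15 ws-17 news.example.org 88120
2012-02-14T09:20:03 ws-17 updates.example-cdn.net 405
2012-02-14T09:25:50 ws-22 intranet.corp.example 9800
2012-02-14T09:30:02 ws-17 updates.example-cdn.net 420
2012-02-14T09:31:09 ws-17 news.example.org 120455
2012-02-14T09:40:01 ws-17 updates.example-cdn.net 399
2012-02-14T09:50:02 ws-17 updates.example-cdn.net 411
2012-02-14T10:00:03 ws-17 updates.example-cdn.net 402
2012-02-14T10:05:58 ws-17 news.example.org 45210
2012-02-14T10:09:12 ws-22 intranet.corp.example 70311
2012-02-14T10:12:01 ws-22 intranet.corp.example 3112
"""


def parse_log(text):
    """Parse lines into (timestamp, src, dst, bytes_out) tuples, skipping malformed ones."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # malformed line: ignore rather than abort the whole run
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        records.append((ts, parts[1], parts[2], int(parts[3])))
    return records


def find_beacons(records, min_connections=5, max_cv=0.15):
    """Return (src, dst, mean_interval_s, cv, total_bytes_out) for beaconing pairs.

    cv is the coefficient of variation (stdev / mean) of the gap between
    successive connections: a person browsing produces a high cv, a polling
    implant a low one. The thresholds are assumptions; tune them per network.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in records:
        by_pair[(src, dst)].append((ts, nbytes))

    hits = []
    for (src, dst), events in by_pair.items():
        if len(events) < min_connections:
            continue  # too few samples to say anything about regularity
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else 0.0
        if cv <= max_cv:
            hits.append((src, dst, avg, cv, sum(n for _, n in events)))
    return hits


if __name__ == "__main__":
    for src, dst, avg, cv, total in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible beacon: {src} -> {dst} every ~{avg:.0f}s "
              f"(cv={cv:.3f}, {total} bytes out)")
```

Interval regularity on its own produces false positives (software updaters and monitoring agents also poll on a schedule), so in practice the flagged pairs are triaged against an allow-list of known services and against the volume of data leaving the host; the point is that this kind of internal signal is available well before a perimeter alert would fire.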
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.