Advanced Threats: Driving Senior Leadership Awareness

Posted on Tuesday, March 19, 2013 by Paul Jauregui

In today’s changing security environment, where advanced persistent threats (APT) are playing such a dramatic and notable role, it is the security organization’s responsibility to ensure that senior leadership understands and accepts risk associated with modern-day advanced threat actors.

Some organizations may be serious about security, but may not be ready to focus resources on improving detection and response capabilities—and that is Okay. Maybe your organization is just starting to build out security plans and procedures. Regardless of your current security maturity levels, you should at least be engaged in a conversation about Advanced Threats.

It is incumbent upon security leaders to drive this conversation within your organization in an effort to shift expectations away from thinking you will be able to protect against everything, to one of understanding that in today’s environment it is not a matter of “if” you are going to be compromised—it is “when”. Moreover, how quickly as an organization can you rebound? What kind of resiliency do you bring to the table? What do you have in place to minimize the impact of the initial compromise? And how quickly can you move to engage the adversary?

Are you having these conversations today within your organization? If so, are you able to effectively communicate the “so what” factor from your organization’s perspective?

Focus on closing the Security Gap when testing capabilities

Your organization’s Security Gap is the inevitable lag that exists between initial intrusion and first detection. While prevention efforts should not be ignored, a true measure of an organization’s APT readiness is in its ability to quickly detect security intrusions and thoroughly uncover the extent and impact of those intrusions.

If you are serious about defending, resisting and responding to modern-day Advanced Threats, testing your organization’s security plan, procedures and personnel against simulated Advanced Threats is essential.

advanced persistent threat APT lifecycle
Security Gap in Advanced Persistent Threat (APT) Lifecycle (enlarge)

How to test current capabilities against Advanced Threats

Many of today’s leading organizations are using scenario-based advanced threat simulations, or red team exercises, to measure Advanced Threat readiness. These exercises are designed to simulate real-world advanced threats by using the same adaptive Tactics, Techniques and Procedures (TTP) for predicting and evading your security controls and incident response best practices. This approach provides a holistic approach to security testing by carefully examining weaknesses from several standpoints including systems, networks, applications, physical locations, and employees (who may be susceptible to social engineering or phishing attacks).

Advanced Threat testing helps you demonstrate that common defenses, procedures, and controls used to deal with commodity security threats are often ineffective against the targeted and adaptive nature of APT-style attacks. The exercises also provide the benefit of a controlled real-world threat environment which is useful for measuring your organization’s effectiveness in detection, incident response, and digital forensics. Finally, the advanced threat simulation exercises can be utilized as a foundation for managing expectations of what an effective security organization can do for senior leadership.

Talk to senior leaders in terms of the “so what” factor. Explain the actual business impact, the potential reputational risk, and the loss of intellectual property that can come from not taking action on these Advanced Threats. Regular testing provides you with the guidance needed to educate senior leaders regularly on the latest trends you are seeing, the evolution of APT threat actors, and the potential cost to your organization if you do not adequately prepare to defend against and resist Advanced Threat actors.

If you are serious about defending, resisting and responding to modern-day Advanced Threats, testing your organization’s security plan, procedures and personnel against simulated Advanced Threats is essential.