According to a recent study from ISACA, one in five enterprises have experienced an APT attack. In addition, 94 percent of the 1,500 IT professionals surveyed agreed that APTs represent a credible threat to national security.
The study revealed that 53 percent of the survey’s respondents reported a total lack of belief when it comes to APTs being different from traditional threats, “indicating that many do not fully understand APTs.”
I disagree with this line of thought. Most of the time, attacks considered APTs use 0-Day exploits, or malware that slips past poorly updated AV software, or phishing to compromise a host or organization. There is nothing advanced about attacks like these. Such a thing happens all the time, and is successful due to poor security practices. Lately, what hits the headlines as a sophisticated attack or APTs are the same types of attacks businesses have been facing for years.