Advanced Persistent Threat (APT)

Cybersecurity has long been regarded as an arms race between hackers and those that develop tools, tactics, and strategies to prevent, detect, and stop hackers.

Given the "arms race" nature of cybersecurity and the increasing importance of technology to the day-to-day operation of society around the world, over time attacks and compromises have become both more sophisticated and more potentially devastating.

The most sophisticated type of threat is today commonly referred to as an APT, or advanced persistent threat. The term isn't domain-specific to software, hardware, a particular tactic, or a particular kind of actor, but may refer to any combination of these. What makes an APT unique are the characteristics associated with it: APTs tend to be complex, highly stealthy, and operate undetected and often with significant obfuscation over the long term to exfiltrate data or provide unauthorized access to threat actors.

Detection of APTs is part luck and part arduous process, requiring a significant degree of both technology and skill, as APTs are generally designed to enter and "dwell" in a system over time, meaning that extensive work is done to ensure that activity is camouflaged to escape detection. The goal is generally not to disable a system, but rather the opposite—to compromise and leverage, for malicious purposes, its ongoing normal operation.

APTs are most often defined as or associated with state actors or state-sponsored cyber threat activity, but as AI continues to proliferate, it is possible that APTs will become a more general phenomenon; for this reason, work to use AI and other techniques to monitor systems and detect APTs is ongoing across much of the cybersecurity industry.