Cybersecurity Approaches to APTs Are Often 10 Years Out of Date, Says New ISACA Book

by | Oct 11, 2013 | IT

London, UK (11 October) Many of today’s most destructive advanced persistent threats (APTs) were conceived a decade ago, so enterprises that rely on most traditional approaches to cybersecurity are unlikely to succeed against the next generation of attacks. This is one of the cautions in a new book published by global IT association ISACA in Cybersecurity Awareness Month.

Advanced Persistent Threats: How to Manage the Risk to Your Business advises that traditional defenses such as firewalls and anti-malware are not up to the challenge of today’s APTs and that organizations need to add new skills, processes and technology to their cybersecurity arsenal.

“The motives behind APTs are as old as civilization itself: espionage, sabotage, crime, terrorism, warfare and protest. What’s not old is the increase in attacks and sophistication. Enterprises need to think about APTs more as a different breed than a new generation,” said author David Lacey, CITP. Lacey is a leading futurist and IT security authority whose professional experience includes risk and security positions at Royal Mail Group and Royal Dutch/Shell Group.

An ISACA cybersecurity survey of more than 1,500 security professionals worldwide found that 94 percent of respondents believe that APTs represent a credible threat to national security and economic stability. One in five enterprises has already experienced an APT attack, but more than half of respondents don’t believe that APTs differ from traditional threats.

The book communicates two important messages: combating APTs is not business as usual, and APTs should be everyone’s business. It is written in clear, nontechnical language to reach business managers and government officials responsible for valuable intellectual assets or critical services that might be targeted by an APT attack. It also details the differences between the controls needed to counter an advanced persistent threat and those used to mitigate everyday information security risk.

The ISACA book equips enterprises with information on effective techniques for combating APTs. It was written as a practical look at topics many organizations do not fully understand, including:

  • Typical shortcomings of existing cybersecurity processes
  • How to tell if you’re experiencing an APT attack
  • What a moral hazard is and how it affects APTs
  • How to disrupt a cyber “kill chain” (stages of a cyberattack)

Mitigating an APT attack intersects in part with conventional guidance and controls, such as those set out in ISACA’s COBIT 5 framework, SANS Institute critical controls and ISO/IEC 27001 security standards. This book focuses on enhancements needed and it highlights areas where controls need to be strengthened or extended.

This is the latest addition to ISACA’s cybersecurity resources, which include the Responding to Targeted Cyberattacks book; Transforming Cybersecurity Using COBIT 5; a cybercrime audit program; the Advanced Persistent Threats Survey; the Cybersecurity community in ISACA’s Knowledge Center; and the Information Security and Risk Management Conference, taking place 6-8 November 2013 in Las Vegas. ISACA is a partner of European Cyber Security Month and a champion of National Cybersecurity Awareness Month.

Advanced Persistent Threats: How to Manage the Risk to Your Business is available at


With more than 110,000 constituents in 180 countries, ISACA® helps business and IT leaders maximize value and manage risk related to information and technology. Founded in 1969, the nonprofit, independent ISACA is an advocate for professionals involved in information security, assurance, risk management and governance. These professionals rely on ISACA as the trusted source for information and technology knowledge, community, standards and certification. The association, which has 200 chapters worldwide, advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control (CRISC) credentials. ISACA also developed and continually updates COBIT®, a business framework that helps enterprises in all industries and geographies govern and manage their information and technology.
