Identifying vulnerabilities of advanced persistent threats: An organizational perspective

Abstract

One of the most serious and persistent threat that has emerged in recent years combining technical as well as non-technical skills is the Advanced Persistent Threat, commonly known as APT where hackers circumvent the organizational defenses and instead target the naivety of the employees in making an unintentional mistake. While this threat has gained prominence in recent years, research on its cause and mitigation is still at the infancy stage. In this paper the authors explore APT vulnerabilities from an organizational perspective to create a taxonomy of non-technical and technical vulnerabilities. The objective is to enhance awareness and detection of APT vulnerabilities by managers and end users. To this end, the authors conducted interviews with senior IT managers in three large organizations in Dubai, United Arab Emirates. The analysis of the findings suggested that the APT threat environment is affected by multiple factors spanning primarily nontechnical as well as technical vulnerabilities.