Page 34 - CITP Review

as quickly as possible, the attacker gains access to a network and maintains it undetected for a lengthy
            period of time, either mining data consistently or slowly working deeper and deeper into the network until
            the targeted information or system is reached. APTs tend to be extraordinarily sophisticated, and the
            successful execution of one can represent years-long full-time jobs for professional hackers.

            Because the resources necessary for such an attack are particularly great in terms of financing and
            intelligence gathering, APTs are most often perpetrated by large criminal networks or, more commonly,
            government-affiliated organizations. Also, the targets tend to be larger and of greater value. For example,
            nation states might use an APT to gain access to another country’s military network for general
            surveillance or to steal strategic information, weapon designs, or other highly sensitive information. A
            criminal organization might target the intellectual property of a prominent company with the intent of
            selling it for massive financial gain.

            Although each APT is unique to its specific target and goal, APTs do share a general progression.
            The initial stage tends to be research — learning as much as possible about the target to facilitate
            network access. The next stage is then the network infiltration itself, often achieved through spear
            phishing or relatively simple malware. From there, the attacker gains a foothold, and the attack deepens
            and spreads. The initial infiltration might take years to accomplish or might happen quickly, but the
            expansion is usually done over a lengthy period of time. During this stage the key is remaining
            undetected while mining data, gaining greater access, or even obtaining control of the system. Many
            attackers will create back doors to allow for easier or repeat access. The final stage is data extraction
            and exfiltration.




            Data breaches and privacy


            A data breach is an event in which confidential data has potentially been viewed, stolen, or used by an
            individual unauthorized to do so.



            Causes of a data breach
            The following are the top causes of data breaches, according to the 2018 Data Breach Investigations
            Report.[29]
              • Humans. As previously mentioned, humans tend to fall prey to social engineering attacks, which then
                lead to data breaches.
              • Web attacks. Any incident in which a web application was the vector of attack. Many web attacks
                occur through the use of stolen credentials. Once an attacker is in, they are able to elevate their
                privileges or traverse the network to obtain sensitive data.
              • Cyber espionage. Cyber espionage includes unauthorized network or system access linked to
                state-affiliated actors for the purpose of espionage.
              • Insider and privileged misuse. Any unapproved or malicious use of organizational resources by a
                legitimate user. Threats from legitimate users can be very difficult to detect. Most incidents take
                months or years to discover.

            29  “Cybersecurity Fundamentals for Finance and Accounting Professionals Certificate Course”, AICPA.


            © 2019 Association of International Certified Professional Accountants. All rights reserved.