Although Advanced Persistent Threats and Targeted Attacks are often confused, in their core these are two different things in the field of online security. Most businesses out there need only worry about one of these two types of attacks, focusing their efforts to remain thoroughly protected against both enemies and threats.
Many people get confused over the terminology of online threats, such as Targeted Attacks and APTs (which stands short for Advanced Persistent Threats). However, when it comes to comparing these two, there is nothing that should confuse you. On the contrary, the differences are substantial and this is what we are going to highlight in this article.
First of all, when we talk about Advanced Persistent Threats, we generally refer to the targeted attacks held by nations and states. This means that these attacks had been meticulously designed and programmed, so as to do what they were supposed to. There are web developers (and most likely lots of them) that work behind Advanced Persistent Threats. So, their design is impeccable most of the times and the results are pre-determined. No room for mistakes, in the scenario of intelligence agencies aiming at doing harm and gaining access to sensitive data.
The cost is high, as you can imagine – with such preparation and with so many brilliant minds building something, and the chances that the outcome will be brilliant, too!
On the contrary, Targeted Attacks are the most common threats that most businesses and individuals encounter. They are not designed by the intelligence agencies and they do not require such a great budget. There is no sole goal that derives from these attacks, as the people behind them can either seek to gain access to credit card credentials or just cause mayhem, get their hands on personal information for blackmail and so on.
Even if it is good for the media and the advertising campaigns to confuse people and put both of these threats (meaning the Advanced Persistent Threats and the Targeted Attacks) under the same veil of mystery, this is not the case. Instead, the former is not for people to lose their sleep over – the latter is what they should be focusing on.
The truth behind this confusion has to do with the aim of IT security departments and cybersecurity companies to get excuses for not fighting off threats. If the enemy is regarded as gigantic (with the funds and the power of nations and agencies), failure is much easier to tackle with. However, everybody needs to understand that each threat can be proven a handful and there needs to be prudent strategy and dedication for dealing with it.