Tim Bourgaize Murray: RIP, “APT”
When a real problem meets dated jargon.
In a world where words and catchphrases drift in and out of style, etymology is all the more important and too often ignored. To wit, and believe it or not, I briefly debated using “On Leek” parodying “on fleek” to headline this month’s cover story. Understanding where verbiage comes from should help explain what it means and why, all of the sudden, Twitter is obsessed with hashtagging it.
Of course, the same goes for technology speak. Take, for instance, a cyber-related situation back in 2011, when a state actor compromised RSA, the vendor that builds token-password technology used by most Fortune 500 companies. The actor turned out to be China, but everyone involved was reticent to say as much.
Back then, it wasn’t politically kosher to identify the country, as one senior technologist recently put it to me, so a new term—“advanced persistent threat”—was coined and served to obfuscate things until an army general at US Cyber Command, Keith Alexander, and US senator Carl Levin decided enough was enough, and, in a surprising turnabout, finally “outed” the perpetrator. That same chief technologist said the term—more simply known now as APT—could probably have gone away then and there, without anyone noticing.
Drawing Ire
But the opposite happened. Four years later, APT is probably the second most commonly used acronym in cybersecurity chatter, after DDoS (distributed denial of service), but it draws a lot more ire from CISOs. In a recent Waters story on the Carbanak bank breach, one source even made his own sarcastic revision, noting that the Kaspersky press push was really an AVT—advanced vendor threat. Ouch.
Like anything else that is highly marketed, the concept of an APT doesn’t exactly fit reality. There are many persistent threats facing financial services firms, and more rarely, there are bespoke, advanced threats that go after intellectual property or source code—but it isn’t too often that the Venn diagram overlaps. Yet we’re led to believe that in each and every moment we’re facing a cyber-Armageddon … and even the world’s most careful media organizations are happy to go along with that narrative.
So what’s the problem? Well, like anything else that is highly marketed, the concept of an APT doesn’t exactly fit reality. There are many persistent threats facing financial services firms, and more rarely, there are bespoke, advanced threats that go after intellectual property or source code—but it isn’t too often that the Venn diagram overlaps. Yet we’re led to believe that in each and every moment we’re facing a cyber-Armageddon … and even the world’s most careful media organizations are happy to go along with that narrative.
It would seem counterintuitive, but the most level-headed bunch in the security space—at times, even playing things down—are actually the CISOs themselves. As rational actors, they would seem most likely to play-up the threat. Bigger budgets and more personnel would probably follow.
Instead, it’s almost as if they’re in the opposite role: managing the risk, of course, but dispelling rumors and reassuring board members that, yes, actually, the firm has known for months, if not years, about the cyber news they read in the Financial Times yesterday. It must be an awfully strange position to hold in 2015, though obviously an exciting one—as we hope the entirety of the April issue of Waters has shown.
More Wheat, Less Chaff
From a vendor’s perspective, it should be an interesting space to watch, too. The major names in the space haven’t really changed yet, but if Blackstone is any indication, it does seem that more major capital markets firms are increasingly looking to start-ups rather than establishment players to fit what they need. I imagine the arguments are traditional ones: better service levels, greater customization and the opportunity to mold the product (and in Blackstone’s case, the company itself) earlier on—more wheat, less chaff.
Authorities are closing in on identifying the perpetrators of the JP Morgan Chase data theft from last year, and I imagine the industry is watching closely. Not for the contour or source of the threat—most everyone with a cyber-intelligence provider probably already knows most of that—but rather for the way it is handled by the regulatory and government authorities. In short, the way it’s spun.
Which gets back to the roots of the problem with cyber: it’s fluid and complicated enough, and we’d be better off without an additional patina of jargon coating it.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@waterstechnology.com
More on Emerging Technologies
This Week: First Trust/Bloomberg/New Constructs, Cboe/Metaurus, LTX/MultiLynq, and more
A summary of the latest financial technology news.
Waters Wavelength Podcast: S&P’s CTO on AI, data, and the future of datacenters
Frank Tarsillo, CTO at S&P Global Market Intelligence, joins the podcast to discuss the firm’s approach to AI, the importance of data, and what might be in store for datacenters in the coming years.
BMO’s cloud migration strategy eases AI adoption
The Canadian bank is embracing a more digital future as its cloud strategy makes gains and it looks to both traditional machine learning and generative AI for further augmentation.
Waters Wrap: GenAI and rising tides
As banks, asset managers, and vendors ratchet up generative AI experiments and rollouts, Anthony explains why collaboration between business and tech teams is crucial.
Ice moves to meet demand for greater cloud, AI capabilities
The exchange also outlined competitive advantages behind managing its data and cloud strategy internally during its Q1 earnings call on Thursday.
FactSet looks to build on portfolio commentary with AI
Its new solution will allow users to write attribution summaries more quickly and adds to its goal of further accelerating discoverability, automation, and innovation.
How Ally found the key to GenAI at the bottom of a teacup
Risk-and-tech chemistry—plus Microsoft’s flexibility—has seen the US lender leap from experiments to execution.
Most read
- Chris Edmonds takes the reins at ICE Fixed Income and Data Services
- Waters Wavelength Podcast: S&P’s CTO on AI, data, and the future of datacenters
- BMO’s cloud migration strategy eases AI adoption