TMCnet Feature
August 08, 2011

Defend Sensitive Data from the Biggest Threat: Your Users

By Tony Bradley, Chief Marketing Officer, Zecurion

Advanced Persistent Threat, or APT, is a new class of cyber attack. Maybe. Call it what you will, authorized users are still the weakest link in the security chain.



According to Tim ‘TK’ Keanini, CTO of nCircle, an APT attack involves patient, skilled, well-funded attackers going after the really big prize. Wikipedia claims that APT is a term “used in reference to a long-term pattern of targeted sophisticated hacking attacks aimed at governments, companies and political activists, and by extension, also to refer to the groups behind these attacks.”

By those descriptions, an APT does seem to be distinct from your off-the-shelf malware attack, but it has become a misused buzzword in the media and a sort of badge of honor for companies that are compromised. Nobody wants to admit their network was infiltrated by a plain old phishing attack, but saying that your company was the victim of an APT almost carries with it a sense of prestige, as if the company were worthy of the dedication and resources necessary to execute such an attack.

The recent RSA data breach is an example of how the term is abused, though. RSA initially indicated that it was the victim of an APT, but it was later discovered that RSA was breached through a run-of-the-mill phishing attack using a zero-day exploit against Adobe Flash.

Anup Ghosh, Founder and Chief Scientist of Invincea, describes the flaw in the APT logic. “We’ve heard in a number of sales meetings over the last year ‘We’re not that concerned with commercial malware–it is the APT stuff that scares us,’ and we shake our heads in disbelief on the car ride back to the airport,” adding, “Don’t they understand that virtually all malware has the potential to damage a company, to pilfer off Intellectual Property, to expose their brand to irreparable harm, to cost them untold millions?”

As Ghosh explains, “The reality is, the security industry needs to protect the network from the user and the user from him or herself. Educating the user just isn’t enough. The security industry is without a doubt stuck in a wash-rinse-repeat cycle, waiting for an attack to happen before anyone jumps into action.”

To take it a step further–it doesn’t really matter if the attack is a simple phishing attack, a traditional penetration of the network through hacking, or a more insidious Advanced Persistent Threat. In most of these cases, confidential or sensitive data is leaving the network using the context and permissions of an authorized user. What organizations need is a tool in place to monitor outbound traffic and communications and prevent data from being leaked by any means–accidental, intentional, or ‘APT.’

The bottom line is that whether APT is the next great threat to computer security or just a cool marketing buzzword is almost irrelevant. What matters is that information tends to leave the network through a user whether it is intentional, accidental, or the result of an attack or compromise.

To protect data against the weakest link, IT and security admins need to have DLP (data loss prevention) tools at the network perimeter to monitor and analyze outbound traffic and block sensitive or confidential data from leaving the network.


Tony Bradley is the Chief Marketing Officer for Zecurion, a company focused on data protection and data loss prevention (DLP). To read more of Tony's articles, please visit his columnist page.

Edited by Rich Steeves