Advanced Persistent Threats Awareness and Readiness: A Case Study in Malaysian Financial Institutions

摘要

Advanced Persistent Threats (APT) has targeted the financial institutions (FI) for intelligence gathering on sensitive customer information and monetize the attack. APT could cause disastrous impact to the targeted FI and the country's economy if there is a lack of preparation to confront these challenges and attacks. A case study on local FI was carried out to examine the influencing factors of APT awareness among FI's cybersecurity practitioners and to investigate the security strategies employed by FI to protect them from APT attacks. Feedback from CyberSecurity Malaysia (CSM) was sought to validate the findings. It was found that the factors that influence APT awareness in local FI include the emphasis on informal learning on APT, attackers' financial motivation, the FI's reputational risks and the availability of financial regulatory requirements to combat any cybersecurity risks. The awareness has led cybersecurity practitioners in local FI to implement advanced security technologies and integrated security controls as their readiness to defend FI against APT attacks.