When RSA, owned by EMC, was brazenly hacked early this year, many people assumed the attack was a so-called APT, or advanced persistent threat, which can be defined as a sophisticated cyber attack instigated by a another country with significant resources and expertise.

Increasingly, the goal is more than a few dollars. These days, the bad guys are after intellectual property and corporate secrets that might be exploited by a nation-state. The stakes are as high as ever for security managers. Recently, information was presented to Congress that the same attack on RSA might have compromised other companies--the likes of IBM, Facebook, Microsoft, Google and much of the Fortune 100. A list of 760 organizations that might have been compromised was posted on KrebsonSecurity, a must read for the security industry. 

Not all of these attacks were as successful as the one on RSA. A handful of companies have told media outlets that they have not seen any evidence of such a coordinated attack. But it's quite possible that companies on the list didn't know for sure whether they've been compromised or not.  But most companies are simply staying mum. We can only hope that took the incident as a wake-up call internally. It's fair to say that as APTs step up, we're entering a tricky new era of cyber crime. This is a form of warfare that cannot be ignored.

Increasingly, governments will have to be involved. We're seeing that already. The vaunted National Security Agency (NSA), with its unprecedented information gathering apparatus, has quietly begun working with companies who seek help, providing information related to APTs, for example. The FBI has also been involved. Companies would be wise to get on top of this threat before it is too late. You do not want to read about an APT breach at your companies in the newspapers. -Jim